Panda Security, The Cloud Security Company, has identified malicious apps on Google Play that can sign users up to premium SMS subscription services without their permission. These new threats have been able to infect at least 300,000 users so far, although the number of malicious downloads could have reached 1,200,000.
âPeinados FĂĄcilesâ (Easy Hairdos), âDietas para Reducir el Abdomenâ (Abs Diets), âRutinas Ejercicios para el Gymâ (Workout Routines) and âCupcakes Recetasâ (Cupcake Recipes) are among the malicious apps available for download on Google Play.
In the case of âDietas para Reducir el Abdomenâ (Abs Diets), for example, once the app has been installed and the user has accepted the terms and conditions of use of the service, the following happens: Firstly, the app displays a series of tips to reduce abdominal fat. Secondly, and without the userâs knowledge, the app looks for the phone number of the mobile device, connects to a Web page and signs the victim up to a premium SMS subscription service. However, how do fraudsters obtain the phone number of the device? The number is âstolenâ from one of the worldâs most popular apps: WhatsApp. As soon as the user opens WhatsApp, the malicious app will get the phone number and save it as part of the data it needs to synchronize the account.
According to data from Google Play, this app has been downloaded by between 50,000 and 100,000 users. The other apps work in exactly the same way, so it is safe to say that the four malicious apps may have infected between 300,000 and 1,200,000 users in total.
âThe truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, âŹ20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victimsâ, said Luis Corrons, Technical Director of PandaLabs.
How to Protect Mobile Devices
Regardless of the security solution installed on their devices, users must always read the list of permissions requested by apps before installing them. If an app requires permissions to access the Internet or read SMS messages when there is no need for it, it should not be installed.
The Panda Mobile Security (v1.1) âPrivacy Auditorâ feature classifies apps with permissions to sign users up for premium SMS services under the âCost Moneyâ category, from where they can be easily removed.
âNot every app that is included in that category is malicious. Having said that, any app with permissions to act in the described manner can be considered dangerous. In any event, if the user sees any apps with permissions they should not have, they should remove them immediatelyâ, explained Corrons.
Additionally, these malicious apps have been designed to attack users in Spain, as the service is provided by a Spanish company and they mention mobile carriers operating in Spain such as Movistar, Yoigo, Orange and Vodafone. Also, the price charged to the user will depend on the company they use.
âThese apps might stay on Google Play for a long time as, in the end, it is the users themselves who willingly accept the appsâ terms of service, an aspect which might be used by fraudsters as a defense. A defense, in any case, not strong enough to prevent our solution Panda Mobile Security from detecting and removing their creationsâ, added Corrons.
More info, in PandaLabs Blog.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
