Malicious apps hit Android Market with hidden charges
Google has removed fraudulent apps from the Android Market after they hit unsuspecting users with hidden charges.
Users who downloaded any of the 22 apps were charged for downloading apparently innocent services, including horoscopes and games. The apps were downloaded more than 10,000 times before removal.
The apps lured users into choosing in-app options that incurred premium-rate SMS charges. The bogus apps were presented as being based on popular games and movies, including Angry Birds, Twilight and Cut The Rope.
Vanja Svajcer, Principal Virus Researcher from SophosLabs, wrote on the Sophos blog that “the requirements for becoming an Android developer that can publish apps to the Android market are far too relaxed.”
This is the most common model for malicious apps: the damage cannot be avoided in time because the app has already set up the premium SMS service. This can make installing the app very expensive.
“The cost of becoming a developer and being banned by Google is much lower than the money that can be earned by publishing malicious apps. The attacks on Android Market will continue as long as the developer requirements stay too relaxed.”