The poker-playing Android malware pusher who took one gamble too many
Masaaki Kagawa had two primary ways of making money: one through his Tokyo-based IT firm, Koei Planning, and the other through his avid love of poker. It would come as a surprise to find out that the latter was a far safer bet for him.
Kagawa has winnings in the millions on the poker table. Yet after his company’s office was raided in April 2013, Kagawa and eight other men were arrested for soliciting Android.Enesoluty, malware which collected user data and stored it on the owner’s device.
The findings from this sorry tale were revealed by endpoint security provider Symantec, who had been following the case since July 2012, with the operation going live in September of that year.
It wasn’t just Enesoluty which was causing the problems. Symantec estimates that Kagawa’s company made $3.9m – around 390m yen – on a dating site, Sakura. The site would pick up victims, then fire off spam to addresses collected by the malware.
Local media estimated that the company had 37m email addresses at their disposal, from over 800,000 Android devices.
According to Symantec employee Joji Hamada, who had been covering and assisting the case, on the same day in October 2012, five individuals accused of distributing Android.Dougalek malware were arrested by Tokyo Metropolitan Police, whilst two men were arrested by Kyoto Prefectural Police for developing and distributing Android.Ackposts.
These arrests underlined that Android malware in Japan was a significantly growing problem, and with one-click fraud apps on Google Play – such as Sakura – starting to make waves at the beginning of 2013, it wasn’t going to die down easily.
The disclosure of the Android MasterKey vulnerability earlier this month – a weakness whereby attackers can take control of victims’ phones – is a further cause for worry. Earlier this week, Symantec published findings on how MasterKey was being exploited in at least two apps in China.
As for this case, Hamada mentioned there would be a “likely” prosecution for Kagawa and his associates. Yet he added that with other groups potentially involved with Android.Maistealer and Uracto malware, “there will be another few twists and turns to this story in the future.”
What do you make of these findings, and how will the MasterKey affect malware worries in the future?