By Alexandra Burlacu | Apr 04, 2013 09:58 AM EDT
More than 200 Android apps are apparently designed to trick people into spending up to $1,000 for adult content, according to an Internet security firm.
Google Play recently saw a surge in Android apps designed by scammers to trick users seeking adult-oriented content. If an Android app demands money in exchange for adult videos, beware!
The warning comes from Symantec, which reports an alarming increase in one-click billing fraud scams.
"We are now seeing multiple developers fiercely publishing apps in bulk on a daily basis," security researcher Joji Hamada warns in a company blog post. "We have so far confirmed over 200 of these fraudulent apps published by over 50 developers, although it is likely that more exist. These apps have been downloaded at least 5,000 times in the last two months."
According to unrelated research from Carnegie Mellon University's Information Networking Institute, one-click fraud is a scam in which a person browsing the Web is suddenly informed that they agreed to pay a registration fee simply by clicking on a link. This usually applies to pornographic material, and while the user is not legally obliged to pay anything, they usually pay the scammer out of guilt and shame for clicking the pornographic link.
Such one-click fraud attacks seem confined to the Japanese-language market, at least for now, and the Carnegie Mellon team of researchers found that fewer than 10 criminal gangs seem to orchestrate such attacks. The bad news, however, is that people tricked by the scam shelled out as much as 100,000 yen, or roughly $1,000, in one go.
While one-click fraud is virtually unknown in other parts of the world, in Japan it occurs quite often, with roughly 400 new cases reported each month. Government agencies keep track of cases filed with their offices, but many cases likely go unreported, Trend Micro security researcher Jonathan Leopando explained last year.
The Reveton malware, meanwhile, is a more U.S.-centered variation of one-click billing fraud. This malware basically freezes a user's PC and displays a notice that they must pay a fine to the FBI or some other law enforcement agency for viewing illegal content. One-click fraud attacks are no novelty, but Android malware with the same purpose first surfaced last year.
"Typically, the apps only require the user to accept the 'network communication' permission, although some variations do not require the user to accept any permissions," notes Hamada. "This is because the app is simply used as a vehicle to lure users to the scam by opening fraudulent porn sites. The app itself has no other functionality. This may fool users into feeling safe about the app and catch them off guard when launching the app."
According to Symantec, it remains unclear at this point how many people who downloaded the Japanese-language fraudulent Android apps actually paid up, but scammers seem to be expanding to dating service apps as well.
© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.