The craze for Angry Birds has led to more than a thousand Britons falling for phone scams that has seen them be charged up to £15 ($23.48 at current conversion rates) just for opening fake versions of the game, as well as other mobile games such as Assassin’s Creed and Cut The Rope that were available on Google’s official Google Play platform.
Each of the 27 different Android apps pretending to be official editions of popular games included RuFraud malware that, despite the apps being downloadable for free, would charge the user each time the game was opened, with the total cost of the fraud being estimated in the region of £27,850 (Around $43,6000) all told. The scam was discovered by Lookout Mobile Security, who contacted Google and managed to have the apps removed as quickly as possible.
According to Lookout, the scam affected users in 18 different countries (In addition to the UK, users in Italy, France, Israel, Germany, Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine and Estonia all downloaded the apps) with the apps being listed under six different developers to throw off security scanning from Google.
The UK’s premium rate phone regulator, PhonePay Plus, described the methodology of the scam in a statement: “These fake apps were advertised as free but contained malicious coding (malware) that charged the phone’s account £15 every time the app was opened (usually charged through three £5 premium rate texts),” it explained. “The malware suppressed the sent and received text messages that notify users they have been charged. It was only when consumers received their bill that they were alerted to the fraudulent charges.”
It’s not all bad news, however; PhonePay Plus managed to not only prevent money being paid to the scammers, but also identify the scammers as a Latvian company calling itself A1 Agregator. The company is £50,000, as well as orders to refund any money that it has managed to take from users as a result of the fake apps within three months or face further action.
Worryingly, PhonePay Plus believes that this scam may have been the start of something bigger. “These apps had coding to affect 18 countries and can be seen as part of an experiment to see where these attacks were successful in delivering revenue,” the organization said. The takeaway message? Be careful about the apps you download for your phone – and check your cellphone bills closely, just in case.