Google was forced to pull a series of malicious Android apps masquerading as legitimate titles such as “Angry Birds”, after they were discovered on the official Android Market apps store on Monday.
Irate Android customers and developers took to Reddit to vent their frustration with the apps, which appear to have been posted on the store by a developer named Logastrod.
The malicious apps were disguised to look like “Angry Birds”, “Cut the Rope”, and “Where’s My Water”, among others, and attracted customers by being labeled as free.
However, even after Logastrod’s account was deleted by Google, the rogue apps appeared elsewhere under the different name of Miriada Production, according to a blog post by Finnish security firm F-Secure.
“There could be several such accounts in Android Market, turning Google’s security efforts into a game of ‘Whac-A-Mole‘,” F-Secure said. “If installed, the Trojans will attempt to send a premium rate SMS using short codes.”
Apps that dial or text to premium rate numbers owned by the cyber criminal have become an incredibly popular way to make money from victims, who usually download the software onto their smartphones believing it to be legitimate.
The scam was highlighted by Get Safe Online and Trend Micro last month, the latter estimating that mobile malware has grown an astonishing 800 per cent in just four months.
F-Secure said that previously all of the premium rate SMS Trojans it had seen were targeted at Russian users, but the latest batch were aimed at people in 18 different countries.
The malicious apps have been deleted from the official Android Market, but may still remain on third-party app stores such as AppBrain.
“So how is the developer attempting to justify their apps? Well … it’s in the fine print,” noted F-Secure.
“Included within the app’s installation agreement is language that says the ‘customer’ will be subscribed to a premium service, and then the app, which is basically a wrapper, will then download the ‘free’ game.”
This article was originally published on V3.