Fake android app attack hits fans of Angry Birds

Angy birds toysChinaFotoPress/Photocome/Press Association Images

A Trojan attack hit the android app market last year, affecting 1,391 mobile numbers and costing victims up to £80 each. Reporting restrictions have been lifted this week, so we can finally warn you about it.

So what happened, and how can you protect yourself?

The attack

A company uploaded fake apps in the Android Market - which is now the Play Store - in November. The apps were posing as popular games such as Angry Birds and Cut the Rope. Users who downloaded these apps would immediately be infected with a Trojan virus.

This accessed the phone, and whenever the app was opened it would send three premium rate text messages without the user being able to tell the messages had been sent. The cost of opening it each time was therefore £15.

The apps didn't work as the usual app would, and therefore the users were protected from running up incredibly large bills. However, a number of them had several attempts at opening the app before giving up with it - and hence ran up larger bills.

The regulator

The regulator of premium phone numbers, PhonepayPlus received 34 complaints - the first of which came at the end of November. It suspended the phone numbers involved on 16 December, and went after the company posting the app in the first place.

It fined A1 Aggregator Ltd £50,000 on 10 May this year, and demanded it stayed within the rules in future. It will also have to refund all money to anyone who lost out - regardless of whether they made a complaint or not.

The risk

However, while this attack was closed down, the risk remains. The House of Commons Science and Technology Select Committee's recent report on malware and cybercrime states that while approximately one in three adults use a smartphone, 'there is a distinct lack of understanding around related security issues' – and it reported that there was an 85% increase in malware detections on one platform in the first six months of 2011.

Tony Neate, Chief Executive of Get Safe Online, said: "In the last couple of years, fraudsters have intensified their efforts to target web users via the mobile phones. It's no longer a 'new trend', but a very real threat."

Protect yourself

Phonepayplus said it is essential to take some simple steps:
  • Treat smart mobile devices in the same manner as desktop computers
  • Stick to reputable app stores
  • Be aware of clicking on in-app ads and notification messages
  • Trust your instincts – if the app or offer seems too good to be true, it probably is
  • If you think you may have been charged without consent or you may have downloaded smartphone malware that abuses premium rate services, contact PhonepayPlus on 0800 500 212

PhonepayPlus' Chief Executive, Paul Whiteing, said: "We know regulation works and that major malware attacks involving premium rate have so far happened in regions with less-rigorous regulation. However our best defence against mobile malware is working together with industry, security experts, the police, consumer groups and government to protect consumers."

More stories

Read Full Story