Malicious apps spread via Google Store packaged with premium SMS scam

Pierluigi Paganini February 16, 2014

PandaLabs has found at least four free apps in the official Google Play store that are packaged with a premium SMS scam. Already 300000 mobile infected.

PandaLabs security firm has identified malicious Android apps available on Google Play that can sign up users for premium SMS subscription services without user knowledge.  The malware has infected at least 300,000 Android devices, although the number of downloads could have reached 1,200,000.

The security firm identified at least four free apps in the official Google Play store that are packaged with a premium SMS scam, their names are “Abs Diets”, “Cupcake Recipes”, “Easy Hairdos” and “Workout Routines”.
When the “Abs Diet” app has been installed on the user’s device and once victim has accepted the terms and conditions of the service, the application displays a series of suggestions to improve physical fitness and then the app silently search for the phone number of the mobile device, connects to a Web page and signs the victim up to a premium SMS subscription service. 
Very smart is the way the app retrieves the phone number, it steals the number from WhatsApp.

“Without the user knowledge the app will get the phone number of the device, will go to a website and will register it to a premium SMS service. This service require a confirmation to be activated, which means it sends a SMS to that number with a PIN code, which have to be entered back to end the process and start changing you money. This app waits for that specific message, once it arrives it intercepts its arrival, parses it, takes the PIN number and confirm your interest in the service. Then it removes it, no notification is shown in the terminal and the SMS is not shown anywhere. Again, all this is done without the user knowledge.” states the PandaLabs blog post.

android malware SMS


The experts at Panda Labs estimated that the average each victim gets charged by these apps is $20 and considering that overall number of downloads is between 300,000 and 1,200,000, this means that the cyber criminals could have made between $6 million and $24 million.

It’s not the first time that a malware is served via Google Play store, in the past popular banking trojan like Carberp has been spread through the official channel.

Be careful to what you install on your mobile and evaluate the permissions apps need to be installed, they could allow malicious code to cause serious problems.

Pierluigi Paganini

(Security Affairs –  Android, SMS)

you might also like

leave a comment