Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

Japanese One-Click Fraud Campaign Comes to Google Play

Created: 01 Apr 2013 13:40:49 GMT • Updated: 23 Jan 2014 18:08:29 GMT • Translations available: 日本語
Joji Hamada's picture
0 0 Votes
Login to vote

One-click fraud refers to a scam that attempts to lure users interested in adult-related video to a site that attempts to trick them into registering for a paid service. For many years, it has been common to see this type of fraud on computers. As smartphone usage has increased, so has the number of these types of scams on smartphone devices. People typically come across these scam sites by searching for things that they are interested in or by clicking on links contained in spam messages. We also witnessed the advent of one-click fraud Android apps just over a year ago and those apps can now be found on Google Play.

dev7.png

Figure 1. One of the developers hosting the apps

app_page1.png  app_page2.png

Figure 2. Two examples of one-click fraud apps

The apps can easily be found on Google Play through keyword searches in the same manner as an Internet search. For example, entering Japanese words related to pornographic video results in one of these apps being at the top of the search results at the time of writing. Typically, the apps only require the user to accept the “Network communication” permission, although some variants do not require the user to accept any permissions. This is because the app is simply used as a vehicle to lure users to the scam by opening fraudulent porn sites. The app itself has no other functionality. This may fool users into feeling safe about the app and catch them off guard when launching the app.

no_permission.png  one_permision.png

Figure 3. Typical permissions requested by the apps

The first variant of this type of app that we have seen appeared in late January, although it is possible that apps were released earlier than this. From then on, the apps were published by different developers each time and the number of apps steadily grew though many were removed from Google Play at one point for unconfirmed reasons. We are now seeing multiple developers fiercely publishing apps in bulk on a daily basis. We have so far confirmed over 200 of these fraudulent apps published by over 50 developers, although it is likely that more exist. These apps have been downloaded at least 5,000 times in the last two months. As far as victims go, we are not aware of how many of these users actually paid money to the scammers; the “service” costs about 99,000 yen (approximately US$1,000). It certainly must be worth the time and effort for the scammers as they have continued doing business for over two months.

siteA.png  siteB.png  siteC.png

Figure 4. Examples of sites that the apps open

regist.png

Figure 5. Registration page that is displayed when attempting to view a video

Interestingly, it appears that the scammers are not only interested in one-click fraud. A couple of the developers we have come across also publish dating service apps. It is not surprising to see scammers involved with both one-click fraud apps and dating service apps because these types of dating services are typically considered dodgy in Japan.

dev_mix.png

Figure 6. Scammer publishing both a one-click fraud app (far right) and dating service apps

Symantec detects the apps discussed in this blog as Android.Oneclickfraud. When looking for apps, we recommend downloading them from trusted sources regardless of where the apps are hosted or found. Installing a security app, such as Norton Mobile Security or Symantec Mobile Security, on your device is a good idea to keep your device protected as well. For general safety tips for smartphones and tablets, please visit our Mobile Security website.