SMS Fraud on the Android Market
Thanks to Masaki Suenaga and Andy Xies for their analysis.
Following the tweet from our @threatintel Twitter account last night about malicious applications targeting users in European countries, Symantec Security Response has identified another group of fraudulent apps on the Android market, but this time under a different publisher ID. From our analysis the 11 newly discovered apps are published under the name “Miriada Production” and are identical to the apps published under the name “Logastrod”. These apps are capitalizing on popular game titles, and masquerade as these games, but in fact they just sends two texts to premium-rate, local SMS numbers in the country where the SIM card is registered. The app also prevents notifications from being displayed if the incoming text is from certain numbers.
Once notified of these apps by Symantec, Google acted promptly and removed them from the Android Market.
The malicious content in all the apps appears to be identical. This suggests both publishers took the malicious code from the same template, or, they are the same publisher using two different names.
Symantec customers are protected, since the apps are detected as Android.Rufraud.