Adult Voice-Service Apps on Google Play Japan Charge Users Without Notice

McAfee has reported on a growing number of fraudulent Android applications on Google Play in Japan this year, including one-click fraud applications and fraudulent adult dating service applications. The attackers are still looking for new victims using various techniques.

We have also found a new variant of the one-click fraud application that lures careless users into adult voice-connection services to listen to adult stories and later charges a large amount of money without prior notice.

 


This new variant tricks users into dialing a specific phone number with the device’s standard dialer using a tel:// URI scheme, rather than using telephony APIs for automatic dialing. There is no information about billing for this service; the web page offers just “Listen Now.” By tapping on the button, the dialer application is launched with a preset phone number.
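A defender-side heuristic for the pattern described above, added here as an example and not taken from the original post or from McAfee's detection: it scans a landing page for `tel:` / `tel://` dial targets and flags the page when no billing wording is visible next to them. The term list, the names `DialLinkScanner` and `scan_page`, and the sample page with its placeholder number are all assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser

# Assumed word list for this example (not from the original post): terms a page
# would need to show for billing to count as disclosed next to the dial button.
BILLING_TERMS = ("料金", "有料", "円", "fee", "charge", "billing", "price")
# Matches both tel:NUMBER and the tel://NUMBER form named in the post.
TEL_RE = re.compile(r"tel:(?://)?([+0-9][0-9\-(). ]*)", re.IGNORECASE)

class DialLinkScanner(HTMLParser):
    """Collects tel: targets from attributes and scripts, plus visible text."""
    def __init__(self):
        super().__init__()
        self.numbers, self.text, self._in_script = set(), [], False

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:
            if value and name in ("href", "onclick"):
                self._collect(value)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._collect(data)   # script bodies can build the tel: URI too
        else:
            self.text.append(data)

    def _collect(self, source):
        for match in TEL_RE.finditer(source):
            digits = re.sub(r"[^+0-9]", "", match.group(1))
            if digits:
                self.numbers.add(digits)

def scan_page(html):
    """Flag pages that hand a preset number to the dialer with no billing text."""
    scanner = DialLinkScanner()
    scanner.feed(html)
    visible = " ".join(scanner.text).lower()
    disclosed = any(term in visible for term in BILLING_TERMS)
    return {"numbers": sorted(scanner.numbers), "billing_disclosed": disclosed,
            "suspicious": bool(scanner.numbers) and not disclosed}

# Constructed sample page: a lone "Listen Now" button with a placeholder number.
SAMPLE = ('<html><body><h1>Stories</h1><a href="tel://0000000000">Listen Now</a>'
          '<a href="info.html"><img src="i.png"></a></body></html>')
```

Because a `tel:` link only opens the dialer and the user places the call, an app built this way needs no call permission in its manifest, so the check has to look at the web content rather than at requested permissions.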

 


Careful users might notice that the web page has a link to an ‘information’ page (the ‘i’ icon), which includes the terms and conditions. It says the user must pay an annual fee if he dials the number even once. But we can easily imagine that most users will not visit the page, because the link to the informational page is clearly meant to be difficult to find.

 


Once the user dials the phone number and connects to the service, he can hear recorded automatic voice guidance about how to use the service. If the user selects a channel, a recorded “story” plays. There’s no explanation about billing.

When the user next dials the service, the recorded voice talks about billing for the first time. It says the user should go to the informational web page and follow the instructions to pay for the service. If users ignore the payment request, they will get a phone call from the service after a few weeks that says they have not paid and that the service will resort to legal procedures if they do not pay the fee. It also says users must call or email the service to request cancellation in case they have dialed the number by mistake. Of course, you should never pay such invalid bills, nor call and talk with the fraudster. Just ignore it.

In Japan we have had similar issues with fraudulent adult voice services for a long time. An example is the “One Call Fraud,” in which the fraudster dials the victim’s number and quickly hangs up (hence “one call”), expecting that the victim will call back. If the victim does, the fraudster demands payment for the service. We rarely see such traditional fraudulent voice services today, but we could see their revival as smartphone applications.

We first found the current variant around the end of June; these apps were deleted from Google Play at our request. But the same variant has appeared again just today. We estimate that the number of downloads is not yet large, according to statistics on Google Play.

McAfee Mobile Security detects these applications as a variant of Android/OneClickFraud malware and also blocks access to the fraudulent website.

The post Adult Voice-Service Apps on Google Play Japan Charge Users Without Notice appeared first on McAfee Blogs.

Android Malware Set for July 4 Carries Political Message

McAfee Mobile Security has identified a new Android Trojan embedded in a pirated copy of an exclusive app from rapper Jay Z. We suspect the malware author is attempting to go after the demand for the app Magna Carta Holy Grail on pirated sites. The legitimate app has been released exclusively for Samsung devices on Google Play.

On the surface, the malware app functions identically to the legit app. But in the background, the malware sends info about the infected device to an external server every time the phone restarts. The malware then attempts to download and install additional packages. The only visible indication that a user is infected comes via a time-based trigger that is set to activate on July 4, Independence Day in the United States. On that day, the malware will replace the wallpaper on the infected device with an altered image (below, second from right) of President Obama that comments on recent events in the United States. Based on the political message and the fact that it was embedded in an app that coincides with the release of Jay Z’s latest album, we suspect the Trojan was recently introduced into the wild.

[Image: screenshots from the infected device; the altered wallpaper image is second from right]

The image and the service name NSAListener suggest a hacktivist agenda, but we haven’t ruled out the possibility that additional malware may target financial transactions or other data.

Mobile malware seems to have no bounds when it comes to tactics or growth rates. To paraphrase lyrics from Jay Z, it seems Android malware has 99 problems and Android/AntiObscan just became another. We recommend that you always be cautious when downloading apps from unknown sources and keep your security product updated.

 

The post Android Malware Set for July 4 Carries Political Message appeared first on McAfee Blogs.