Security vendor Symantec says Google Play has been flooded by a new type of scam app in recent months. Some of these apps demand users pay “subscription” fees as high as $3,000.
PCWorld’s Jeremy Kirk reported, “A steady stream of questionable applications is flowing daily into Google’s Play store for Android devices, according to security vendor Symantec. Over the last seven months, Symantec found more than 1,200 suspicious applications in the Play store. Google removes many shortly after they’re published, but others stay in the store for a few days.”
In his blog post, Symantec’s Joji Hamada wrote, “Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones. Their tactic of abusing the search function on Google Play allows their apps to be easily bumped to the top of keyword searches. A test search carried out by Symantec resulted in 21 out of 24 top hits being malicious apps.”
InformationWeek’s Matthew J. Schwartz explained, “To be clear, one-click fraud — also known as one-click billing fraud — is an attempt by criminals to trick people into parting with their money. ‘In this scam, a person browsing the Internet is suddenly informed they have just agreed to pay a registration fee after simply clicking on a link,’ according to a 2010 research report published by a team at Carnegie Mellon University’s Information Networking Institute. ‘They do not owe any money legally, but they pay the scammer out of feelings of shame for clicking on the link — typically for pornographic material — and to avoid further embarrassment if others were to mistakenly assume they subscribed to such material.’”
The Full Signal’s Marin Perez commented, “You’re never going to be able to rely on a single app store to weed out all the bad actors, particularly when the fraud involves multiple steps. Users have to become a bit more educated about what they’re downloading to their phone and why.”