The Lookout Blog

December 11, 2011

Update: RuFraud: European Premium SMS Toll Fraud on the Rise

Update: Since this post was first published on December 11th, Lookout detected 5 additional RuFraud apps in the Market. As of December 13th, 27 applications have been found to contain instances of RuFraud. See below for the full list of apps.

There has been a rash of premium SMS toll fraud apps in the last few months that have primarily targeted users in Europe. These apps have often purported to be downloaders for well-known third-party software (often freely available software such as Opera Mobile), and have primarily been found on file sharing sites and alternative markets.

Just this week there have been several waves of a new threat, RuFraud, posted to the official Android Market. The initial batch appeared as horoscope apps with a fairly hidden ToS indicating charges. The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links. The Premium Short Codes used could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia as well as Great Britain, Italy, Israel, France, and Germany. North American users were not affected as the fraudulent SMS code is gated on the user’s country (as indicated by their SIM).

In the last week we have notified Google of 9 identical applications that were skinned to appear more appealing to potential users: three wallpaper apps for popular movies (including Twilight), and three apps purporting to be downloaders for popular games such as Angry Birds and Cut the Rope. Google responded quickly to our reports and pulled these apps from the Android Market. At the time of removal these applications had only been downloaded by a handful of users, and the severity of the threat was still very low.

Overnight, the fraudsters have posted 13 new supposed downloaders to the Android Market, once again positioned as free versions of popular games. It appears that these apps may have reached a broader audience while published to the market: we estimate upwards of 14,000 downloads of these apps. Google responded to reports from Lookout and others by pulling these apps from the Market. We’ve deployed an over-the-air update that protects Lookout users from all known instances of RuFraud.

The full list of applications found to contain instances of RuFraud, with package names and sorted by developer:

Corazon LLC:

  • Horoscope (horoscope.android)
  • Horoscope (com.corazon.horoscope)

Corelly LLC:

  • Horoscope (com.corelly.horoscope)

Ranzy LLC:

  • Twilight (com.Twilight.wallpapers)
  • Puss in Boots (com.Puss.Boots.wallpapers)
  • Moneyball (com.Moneyball.wallpapers)

Astrolog LLC:

  • Sim City Deluxe FREE (com.astrolog.sim.city.deluxe.free)
  • Need for Speed Shift FREE (com.astrolog.need.forspeed.shift.free)
  • Great Little War Game FREE (com.astrolog.great.little.war.game.free)

Logastrod:

  • Cut the Rope (com.Cut.the.Rope)
  • Angry Birds (com.Angry.Birds)
  • Assassins Creed (com.Assassins.Creed)
  • Talking Tom Cat (com.Talking.Tom.Cat)
  • NEED FOR SPEED Shift (com.nsf.Shift)
  • Where is My Water? (com.swampy.Water)
  • Great Little War Game (com.Great.little.War.Game)
  • World of Goo (com.World.Goo)
  • Shoot The Birds (com.Shoot.The.Birds)
  • Riptide GP (com.Riptide.GP)
  • Talking Larry the Bird (com.Talking.larry.Bird)
  • Bag It! (com.Bag.It)
  • Talking Larry the Bird (com.Talking.Larry.Bird)
  • Angry Birds (com.Angry.Birds.free)

Allwing Concept:

  • TETRIS (com.tetris.free)
  • Pool Master Pro (com.Pool.Master.free)
  • Reckless Racing (com.Reckless.Racing.free)
  • Paradise Island (com.Paradise.Island.free)
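
An added example, not part of the original Lookout post: one way to check a device or fleet inventory against the package list above. It assumes the inventory is the text output of `pm list packages` (optionally with `-f`); the sample inventory and the `scan_inventory` helper are constructed for illustration.

```python
import re

# Package names copied from the list in this post, keyed by developer.
RUFRAUD = {
    "Corazon LLC": "horoscope.android com.corazon.horoscope",
    "Corelly LLC": "com.corelly.horoscope",
    "Ranzy LLC": "com.Twilight.wallpapers com.Puss.Boots.wallpapers "
                 "com.Moneyball.wallpapers",
    "Astrolog LLC": "com.astrolog.sim.city.deluxe.free "
                    "com.astrolog.need.forspeed.shift.free "
                    "com.astrolog.great.little.war.game.free",
    "Logastrod": "com.Cut.the.Rope com.Angry.Birds com.Assassins.Creed "
                 "com.Talking.Tom.Cat com.nsf.Shift com.swampy.Water "
                 "com.Great.little.War.Game com.World.Goo com.Shoot.The.Birds "
                 "com.Riptide.GP com.Talking.larry.Bird com.Bag.It "
                 "com.Talking.Larry.Bird com.Angry.Birds.free",
    "Allwing Concept": "com.tetris.free com.Pool.Master.free "
                       "com.Reckless.Racing.free com.Paradise.Island.free",
}
BY_PACKAGE = {pkg: dev for dev, pkgs in RUFRAUD.items() for pkg in pkgs.split()}
BY_FOLDED = {pkg.lower(): pkg for pkg in BY_PACKAGE}

# `pm list packages` prints "package:<name>"; with -f, "package:<apk path>=<name>".
LINE = re.compile(r"^package:(?:.*=)?(?P<name>[A-Za-z0-9_.]+)\s*$")

def scan_inventory(text):
    """Return (exact, case_variants) hits for a `pm list packages` dump."""
    exact, variants = [], []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package row
        name = m.group("name")
        if name in BY_PACKAGE:
            exact.append((name, BY_PACKAGE[name]))
        elif name.lower() in BY_FOLDED:
            # Package names are case-sensitive: a different package, for manual review.
            variants.append((name, BY_FOLDED[name.lower()]))
    return exact, variants

# Constructed sample inventory (not real device output).
SAMPLE = """package:com.android.settings
package:/data/app/com.Angry.Birds.free-1.apk=com.Angry.Birds.free
package:com.corelly.horoscope
package:com.tetris.Free
package:com.example.notes
"""

if __name__ == "__main__":
    print(scan_inventory(SAMPLE))
```

Case-only variants are reported separately because the list itself contains two entries that differ only in capitalization (`com.Talking.larry.Bird` and `com.Talking.Larry.Bird`).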

61 comments

  11. Doug says:

    Hi
    I live in Canada, Southern Ontario to be exact. I was recently charged $30 Canadian on my Koodo phone bill for premium text messages that I was sure I did not sent. Does anybody have an idea of how I might be able to recover this money? I have since removed all apps from my phone that are not directly from Google Inc. I have an LG Optimus One.

  12. Doug says:

    ……..I did not send….

  20. Amy says:

    @Doug, thanks for your message. You’d mentioned that you had recently seen charges for premium rate text messages appear on your phone bill and you believed it may be RuFraud. You may want to contact your carrier to notify them that you did not send any premium rate text messages. If you have any other questions about RuFraud, please feel free to contact us: feedback@mylookout[dot]com. Thank you!

About this blog

This is the official blog of Lookout, a mobile security company in San Francisco. Find out more about us or our product.