A Latvian firm has been fined after it used malicious apps on the Google Play app store to con users out of money with premium text messages.
The apps, which appeared on Google Play at the end of last year, were designed to look like popular games like Angry Birds, Cut The Rope and Assassin’s Creed.
When smartphone users downloaded what they thought were the popular game titles, the Trojan attack would access their devices and send three premium rate text messages.
Users had no knowledge of the three premium rate texts, which would be sent every time the app was accessed – costing users £15 each time.
Many users attempted to access the app multiple times before they realised it was not the real deal. The most any single user is thought to have lost is around £80.
More than 1,000 people are thought to have been targeted by the scam, losing a collective £28,000. After receiving a number of complaints from users, regulator PhonepayPlus has fined a Latvian firm £50,000 and ordered it to refund users the £28,000 they lost.
More threats to smartphone users
While everyone affected will get their money back, the scam highlights the risk posed to smartphone users by cybercriminals who are constantly developing different ways of accessing devices to steal money.
“It is hectic. These guys are coming up with more and more sophisticated malware,” Nitin Lachani, a researcher at PayphonePlus, told the BBC.
“There is a wider issue here. There is malware out there which can gain total access to your phone. A cyber criminal could then deliver apps to your phone which could tap into your phone calls, your messages.”
Google removed the malicious app from Play as quickly as possible. But it does not screen apps before they are uploaded, meaning Android users could find themselves out of pocket by downloading an innocent-looking app.