Google removes 29 data stealing apps from Google Play

April 17, 2012
3
88
28 48 12

In its ongoing battle with malicious app writers, Google has removed 29 apps from Google Play that harvested email addresses and phone numbers and uploaded them to remote command servers. Symantec has so far identified 29 apps that targeted the Japanese market. All of the 29 apps share common code and it is believed that one group is behind all of the apps.

The first app in the series appeared in Google Play in early February and was followed by a series of seemingly random apps, from a contact management app to a diet assistant app. However, the apps proved unpopular and did not receive many downloads. Then, in late March, a group of apps with titles all ending in “the Movie” began to appear. These apps are designed to mimic popular games in Japan and play a video about the game. These apps proved much more popular, and it is estimated that between 70,000 and 300,000 users installed at least one of the apps.

Once the malicious app is installed, it connects to a server and downloads the video file related to the game. But, at the same time, it also uploads all the contact information, including names, phone numbers, and email addresses, of all the people in the phone’s address book. Considering that the average smart phone address book contains between 50 and 75 contacts, this means that potentially over 2 million names, phone numbers, and email addresses have been stolen. It is assumed that these details will be sold to spammers or used in attempts to steal individual identities and commit some kind of financial fraud.

“According to Yomiuri Online, the Tokyo Metropolitan Police Department has begun investigating this incident and is attempting to track down the developers,” wrote Joji Hamada of Symantec.

Links to Android.Oneclickfraud malware?

The server used to collect the stolen contact information is the same server that was used to distribute variants of the Android.Oneclickfraud malware. This unpleasant malware opens a web page and attempts to coerce the user into using a pornographic service for a fee. Is this just a coincidence or are the same group responsible for both?

The Tokyo police are on the case, and it can only be hoped that the criminals are caught soon. As always, remain vigilant about what you download, from where you download it, and what permissions the app requests.

Comments