UK company involved in fake apps scam fined $78,000, told to refund money

by: Gary SimsMay 25, 2012
2 32 3

Unsuspecting victims of fake versions of Angry Birds, Assassin’s Creed and Cut the Rope, posted on third party Android app stores, will be getting their money back, after the UK phone regulator PhonepayPlus took action against the premium rate number provider, A1 Agregator Limited.

The fake apps contained malware which charged vicitm’s £15 ($23) every time one of the apps was opened. The malware did this by sending three £5 premium rate texts. Once they were sent, the malware hid the sent and received messages that would normally notify the user that the text incurred a charge. The first time victims would know about the scam was when they received their first phone bill.

The scheme was not only limited to UK users, but in fact covered 18 countries. PhonepayPlus fined A1 Agregator £50,000 (about $78,000) and ordered it  to make refunds directly to all victims within three months, irrelevant of whether or not they had complained. The company was also banned from running any premium rate services in the UK without express permission from PhonepayPlus. Not only will the victims get their money back, but thanks to the swift action by the regulator, none of the £27,850 collected has reached the cyber criminals.

The fake apps used a known malware called RuFraud and it is estimated that the apps where downloaded 14,000 times. According to PhonepayPlus, the RuFraud attack affected 1,391 mobile numbers in the UK.

Why are users downloading from an untrusted source?

The popularity of third party app stores can perhaps be understood in geographical areas like China or Russia, where maybe users are expecting apps exclusively in their own language. But why would 1,391 users in the UK download apps from untrusted sources?

Do you use a different store other than Google Play? Why do you use it? Please let me know by leaving a comment below.

  • Bkdraper

    Nvidia has its own app store that showcases games that show off the capabilities of Tegra2/3 processors and I’ve downloaded from it a couple times, Sprint has its own app store that I’ve downloaded from a couple times. Same with Asus and I think Samsung. I build for companies that host their own app store. Why download from any of them instead of just always from the Play Store? Because they’re there. No other profound reasoning than that. I would imagine that other people install from less reputable app stores just as a way of side-loading an app that the Play Store wont allow on their phone or to Warez a premium app.

  • gstoltzfus

    Kodi is probably the most downloaded untrusted apk. Other media vendors Dont like it because it finds all free source media that many of them are trying to package as pay media. It is wrong to assume that any apk not on a list is not there because of security concerns. All to often greed is involved.