Unsuspecting victims of fake versions of Angry Birds, Assassin’s Creed and Cut the Rope, posted on third party Android app stores, will be getting their money back, after the UK phone regulator PhonepayPlus took action against the premium rate number provider, A1 Agregator Limited.
The fake apps contained malware which charged vicitm’s £15 ($23) every time one of the apps was opened. The malware did this by sending three £5 premium rate texts. Once they were sent, the malware hid the sent and received messages that would normally notify the user that the text incurred a charge. The first time victims would know about the scam was when they received their first phone bill.
The scheme was not only limited to UK users, but in fact covered 18 countries. PhonepayPlus fined A1 Agregator £50,000 (about $78,000) and ordered it to make refunds directly to all victims within three months, irrelevant of whether or not they had complained. The company was also banned from running any premium rate services in the UK without express permission from PhonepayPlus. Not only will the victims get their money back, but thanks to the swift action by the regulator, none of the £27,850 collected has reached the cyber criminals.
The fake apps used a known malware called RuFraud and it is estimated that the apps where downloaded 14,000 times. According to PhonepayPlus, the RuFraud attack affected 1,391 mobile numbers in the UK.
The popularity of third party app stores can perhaps be understood in geographical areas like China or Russia, where maybe users are expecting apps exclusively in their own language. But why would 1,391 users in the UK download apps from untrusted sources?
Do you use a different store other than Google Play? Why do you use it? Please let me know by leaving a comment below.