More and more cybercriminals are trying to slip fraudulent 'apps' into the Google Play Android store. If you download one, you may be subscribed to a premium SMS service without knowing it.
Many are not yet 30 and make spelling mistakes, but they drive expensive cars and post videos from luxury hotels on Facebook. They are worthy representatives of a home-grown computer crime scene that lives on the blurry border separating aggressive marketing from fraud. Among its most profitable businesses: subscribing people to premium-rate services without their knowledge, using supposedly official applications. But some have gone too far and the Civil Guard is now looking for them.
At the end of last year, the Civil Guard issued an alert about an Android app called "Big Brother 17", which was offered on Google Play as legitimate but was actually fraudulent. The program subscribed its victims to a paid SMS service, at a cost of 1.45 € per SMS received. It was on Google Play for only a week before being withdrawn when the scam was discovered, but in that time more than 10,000 users downloaded it. Its authors are a gang that could be from Barcelona. The Civil Guard opened an investigation, which is still open, as the police confirmed to Teknautas.
Sergio de los Santos, director of the innovation and laboratory area at ElevenPaths, has been investigating gangs and applications of this type. Together with Kaspersky Lab, ElevenPaths released a report on the Big Brother app and how the cybercriminals got it onto Google Play: they first uploaded a clean version, which passed the controls with no problem. A few days later, they updated the application and added the ability to subscribe the user to paid services.
This is an old trick, which would also have been used to upload other applications last year, such as Big Brother 16 and Big Brother VIP. The first managed to stay on Google Play for two months undetected and was downloaded 50,000 times. However, warns Sergio de los Santos, downloads are not synonymous with victims: "Being cautious, it is possible that 10% would subscribe for at least a month, because normally they do not notice the fraud until the bill arrives."
According to Vicente Díaz, senior analyst at Kaspersky Lab, "the scam of sending SMS to premium numbers was one of the first forms of monetization used by 'malware' for Android." In some countries, such as Spain, this scam has become very popular because no documentation is needed to contract the service. At first, the victim just had to give his phone number, and multiple tricks were invented to get it: in exchange for participating in a contest, to download a file, when responding to an SMS.
Official 'Apps' (which are not)
Fraudulent 'apps' are the latest trick in the saga. In Spain there is, and has been, quite a lot of activity around these scams. "We have come to know of up to three gangs, one in the south and others in the Spanish east," explains Sergio de los Santos. The key is to use applications with very popular themes, such as television programs, pornography, cooking recipes, games, love tests, jokes, antivirus or a flashlight that shines brighter than any other.
Some of the creators and distributors of these applications are independent gangs, working with premium SMS companies that prefer not to know how subscriptions are obtained. They tend to be good programmers familiar with advanced Android programming, because "having to subscribe the victim in the most hidden way possible, and being forced to program so as not to be detected by Google or by antivirus, they have to innovate," explains de los Santos.
Recently, the researcher found what appeared to be a message from one of these programmers in a forum, where he asked for help to, "while the application is open, camouflage as much as possible the reception of the SMS, prevent the mobile phone from ringing or vibrating when receiving the SMS, and delete it after answering".
Every obstacle put in the way of these scams is a new challenge for the programmers. For example, to register for a paid SMS service, the law now requires that a PIN be sent to the applicant, who must respond by sending the same PIN to confirm that he does want the subscription. The trick: the 'app' processes the message, searches for the PIN inside it, creates a new message and sends the confirmation response in less than a second, without the user noticing anything.
The same goes for Google Play's quality control, which is increasingly demanding. "In Spain it seems that there is a great ability to sneak 'apps' into Google Play", says de los Santos. Proof of this are the aforementioned Big Brother programs and other strategies, such as the use of JavaScript instead of Java, which de los Santos calls "a technical move to take your hat off to."
Spanish programmers also stand out in developing techniques to keep the subscription going without the victim realizing, explains the researcher: "To prevent you from realizing that you are subscribed to the daily horoscope, for every incoming message from this service they put the phone on silent and change the date of the SMS, so that the message silently sinks in your SMS inbox."
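The clean-upload-then-update trick and the automatic PIN reply described above both show up in what an app declares in its manifest. As an added example (not code from the ElevenPaths and Kaspersky Lab report), this Python check compares the manifests of two versions of an app and lists the SMS capabilities the update introduces. It assumes the manifests have already been decoded to text XML; the function names, the package name and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMS = {"android.permission." + p
             for p in ("SEND_SMS", "RECEIVE_SMS", "READ_SMS", "WRITE_SMS")}
PIN_LOOP = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS"}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

def sms_surface(manifest_xml):
    """Return (SMS permissions, [(receiver, priority)]) declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")} & SMS_PERMS
    receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            if SMS_RECEIVED in {a.get(A + "name") for a in flt.iter("action")}:
                receivers.append((rcv.get(A + "name"), int(flt.get(A + "priority", "0"))))
    return perms, receivers

def review_update(old_xml, new_xml):
    """List the SMS capabilities that an update adds over the previous version."""
    old_perms, old_rcv = sms_surface(old_xml)
    new_perms, new_rcv = sms_surface(new_xml)
    findings = []
    added = sorted(new_perms - old_perms)
    if added:
        findings.append("update adds SMS permissions: " + ", ".join(added))
    if PIN_LOOP <= new_perms and not PIN_LOOP <= old_perms:
        findings.append("update can read an incoming PIN and reply by SMS")
    known = {name for name, _ in old_rcv}
    for name, prio in new_rcv:
        if name not in known:
            findings.append(f"new SMS_RECEIVED receiver {name} (priority {prio})")
    return findings

# Constructed sample manifests (hypothetical package, not from the report).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.tvfan">'
V1 = HEAD + '<uses-permission android:name="android.permission.INTERNET"/><application/></manifest>'
V2 = HEAD + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><receiver android:name=".SmsHook">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver></application>
</manifest>"""

if __name__ == "__main__":
    print("\n".join(review_update(V1, V2)))
```

A finding here is a reason to look closer at an update, not proof of fraud: legitimate messaging apps declare the same permissions.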
The small print
Alongside these blatantly 'dirty' businesses there is a gray area, that of companies that operate premium SMS and create their own 'apps'. These warn of the subscription to the service in very, very small print. According to de los Santos, maybe it is not 'malware' as such, but it certainly goes unnoticed by users and by Google Play.
The Big Brother 'apps' would fall into this category because they included a "Terms and Conditions" text that would have given them a patina of legality, although according to the report by Kaspersky and ElevenPaths, "we could not verify that this information was shown to the users, and in any case, there is no opportunity to reject this agreement and not to subscribe."
Being on the border between legitimate business and fraudulent activity, these 'apps' put Google Play's automatic detection systems to the test, which often lets them get in, even if they are later withdrawn. The time they have spent in the official market will have been enough to collect a good number of downloads and be profitable.
As explained by ElevenPaths and Kaspersky Lab in this report, the Big Brother applications being investigated subscribed the user to a service promoted by Yourmob.com, which on LinkedIn describes itself as a "Spanish company specialized in mobile technology, with activity in 7 countries of the world, since 2014 develops innovative solutions for the distribution, promotion and monetization of digital content". On their Facebook page they look for Android programmers.
Hismob is from Madrid although, according to de los Santos, where more companies of this type are concentrated is "in the area of Castellón and Levante." In principle they are legal, there is public information about them and they have a CIF, but most of the 'apps' that subscribe to these services are detected as "SMS malware" and their domains, as the report explains, as malicious for distributing 'adware' and 'malware'.
These companies are called interactive marketing companies, a euphemism that could include non-voluntary subscriptions to premium SMS, telephone and email spam. They are legitimate, but sometimes they can cross the subtle line that separates the subscription app from more aggressive 'adware', explains the ElevenPaths researcher. Behind them are companies that reroute numbers to third parties to win subscribers, no matter how they get them.
In 2015, the Civil Guard arrested those responsible for the largest paid-SMS fraud ring in Spain, with 2.4 million people affected. The gang, led by two brothers from Alicante, had been operating for 10 years, with a profit of 22 million, 14 shell companies, six premises and dozens of workers. Although their business centered on sending SMS messages with a hook for the victims to respond to, they also used malicious apps.
There are several small groups that from 2011 to 2015 have created many covert subscription apps and distributed them, explains de los Santos. When they get the app onto Google Play, they use fraudulent positioning techniques to make it visible: fictitious positive comments, inflated downloads, etc. The Spanish creators of the fake Big Brother applications followed this same script.
The police cannot act in these cases if there are no complaints. Maybe it is this, or their youth, that makes them feel immune, and that keeps these low-level computer criminals smiling in their Facebook photos, in villas with pools built thanks to the "gray marketing" of mobile apps, social networks and anything that sounds like easy money on the net.