Infected Google Play Apps Out to Steal Millions

Given how many apps are available in the Google Play app store, it's no surprise that there's some malware present. Seldom do malicious apps strike it as big, however, as four recent exploitative apps that made their way to 300,000 phones and may have stolen millions of dollars from unsuspecting users.

Panda Labs, the research division of Bilbao, Spain-based anti-virus software maker Panda Security, found four free Spanish-language apps in the Play Store that came packaged with a premium short message service (SMS) scam.

The four apps, whose names roughly translate to Abs Diet, Cupcake Recipes, Easy Hairdos and Workout Routines, appear to have been removed from the Play Store since Panda Labs posted its report yesterday (Feb. 13).

After installing any one of these apps, users are required to agree to in-app terms of service before accessing its features. Through a clever visual trick, accepting these conditions actually registers the user's phone number with premium SMS services. He or she will then start receiving expensive text messages, with no easy option to opt out.


The researchers at Panda Labs estimated that the average scammed user gets charged $20 by these apps. Somewhere between 300,000 and 1,200,000 users downloaded them, and Panda Labs guessed the scammers could have racked up somewhere between $6 million and $24 million from unsuspecting users.

If you have downloaded one of these dubious apps, you may not be entirely out of luck. To retrieve phone numbers, the apps extract information via WhatsApp. This popular messaging program is harmless by itself, but when taken advantage of, it can disclose user information to exploitative programs.

Uninstalling WhatsApp is not necessary, however. If you've downloaded one of these scam apps, uninstall the offending app instead. If possible, run an Android malware scan to get rid of any residual traces still lingering on your phone or tablet.

Unsubscribing from premium SMS scams is a little tougher. Often, just texting STOP back will end them, but some services charge users money for sending texts as well as receiving them. Once you've determined which service has you in its thrall, look it up online and see what the safest and cheapest way to get out of it is. Your wireless carrier may be able to help and negate the charges.

Beyond that, be wary of any app with an incredibly vague name, or one that makes you agree to terms and conditions beyond the initial download. Check the permissions that each app asks for before you install it – there's no reason a dieting or recipes app would need to access SMS messages.

An app that asks for too many permissions isn't necessarily malware, but it's much more likely to be than an app from a major company that lets you know what it expects up front.

Follow Marshall Honorof @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.
