Google gets rid of 22 malware-infected applications found in the company’s official Android Market this week according to Lookout Security. This is in addition to the over 100 malicious applications it has already removed from its distribution channel within the year. Dubbed as “RuFraud” by the San Francisco-based security company, the fake applications send text messages to premium numbers pretending to be popular games like “Angry Birds”, “Cut the Rope”, “Assassin’s Creed Revelations” and “Need for Speed.”
Google was notified by various vendors as well as Lookout Security about the matter and the company immediately pulled the malicious programs from its market. The security company has identified nine malicious applications last week and spotted the other 13 over the weekend. Users are able to download approximately 14,000 fake copies of the games in the emart before Google was able to yank the programs.
According to Lookout, RuFraud makes use of elements found in legitimate applications just like how earlier malware-infected app campaigns work. These apps are then re-packaged with the malicious code in them. Lookout’s Tim Wyatt said that such elements borrowed from genuine apps include terminology and even identical text.
RuFraud targeted people from Germany, Poland, the United Kingdom, France, Russia, Italy, central Asian countries and other eastern European countries. Accordingly, North America was not affected and targeted by the malware.
Researchers from the Security Company reported that horoscope application were the initial operations ran by RuFraud then it later went on to Android phone wallpapers such as those from the Twilight saga movies. It also posed as accessories to popular games then later to actual fake games.
A spokesperson from Google mentioned that the fake applications most probably declared text message charges to users and also obtained the users’ permission in order to allow the fraudulent programs to send premium text messages. Lookout security also said that such terms could have been “fairly hidden” luring users into the scheme.
Wyatt pointed out that Google responded quickly, taking minutes from notification to removing the malicious apps. On the other hand, security experts kept firm in their regular stance of criticizing Google over its lax system of scanning applications for the Android Market. Researcher Vanja Svajcer from Sophos, an antivirus vendor expressed their constant remarks over Google’s relaxed requirements for Android developers.