There has been a lot of debate over traditional text messaging versus messaging apps, and with the latest round of app hacks, you might think twice before turning to an app for your texting needs. Panda Security (News - Alert), a provider of cloud security solutions, has released information about malicious apps on Google Play that sign up users to premium SMS subscription services without their knowledge.
Luis Corrons, technical director of PandaLabs, revealed that fraudsters are making insane amounts of money from premium services. Even if the amount lost by each user is small, the total amount that fraudsters amass is phenomenal.
To date, this type of malicious activity has affected about 300,000 users, but officials feel that the activity may have compromised accounts of as many as 1.2 million users. Malicious apps that have been identified include “Easy Hairdos,” “Abs Diets,” “Workout Routines” and “Cupcake Recipes,” which can all be downloaded on Google (News - Alert) Play.
When any app is installed by a user who has accepted the terms and conditions of use of the service, the app will display a series of tips about the downloaded app. Without the user’s knowledge the app will locate the phone number of the mobile device. Using this detail it connects to a Web page and signs up to a premium SMS subscription service.
The phone number is ‘stolen’ from the user’s device using WhatsApp. When WhatsApp is signed into by a user, the malicious app gets the phone number and uses it to synchronize the account and proceed with malicious activity.
Even if subscribers have installed security solutions on their devices, they have to read the list of permissions that apps request before installing them and reject unnecessary ones. The Panda Mobile Security “Privacy Auditor” feature has been developed to classify apps that require permissions to sign up users for premium SMS services, and puts them under the “Cost Money” category—where they can be deleted easily.
“Not every app that is included in that category is malicious, as it may need access to calls or SMSs to fulfill its primary function. Having said that, any app with permissions to act in the described manner could be considered dangerous, and if the user sees apps with permissions they should not have, they should remove them immediately,” Corrons said.
It’s important to pay attention when you download any app from an app store, but Panda’s new report should open consumers’ eyes to the increasingly prevalent threats out there. At the end of the day, it might be safer and easier to ditch the latest messaging apps, and stick with a good old fashioned text message.
Edited by Alisen Downey