UK regulator shuts down Angry Birds scam

Angry Birds in space
24 May, 2012

Victims of fake apps will have £15 charge refunded by PhonepayPlus.

Regulators have moved to block a scam that charged users of Android phones £15 each time they opened fake versions of popular apps.

The malware attack, known as RuFraud, hid malicious code in fake versions of popular apps, including Angry Birds, Cut the Rope and Assassins Creed. The fake apps were posted to Android app stores, and hid code that charged users via a premium rate SMS. Most users were defrauded by being charged for three £5 messages each time they opened an app.

However, industry regulator PhonepayPlus, working with anti-malware companies, was able to suspend the text message "shortcode" used by the app, and block any funds from reaching its operator.

In the UK, the RuFraud attack affected 1,391 mobile numbers and £27,850 was taken before PhonepayPlus suspended the shortcode. However, none of this money reached the app developers and will now be refunded.

PhonepayPlus acted against A1 Agregator Limited, which controlled the shortcode, and has fined the company £50,000. The company will also have to make refunds to consumers charged for the apps within three months, whether or not they complain.

The malware was sophisticated enough to suppress sent and received SMS traffic, so the first users knew about the fraudulent charges was when they received their bills.

“We will continue to clamp down on those who wish to take advantage of UK smartphone customers," warned Patrick Guthrie, PhonepayPlus’ Director of Strategy and Communications.

“Mobile apps are a powerful malware delivery technique as most users are willing to allow apps to do anything to get the desired functionality [on their phones]," said Carl Leonard, senior security research manager for EMEA, at IT security firm Websense. "Cyber criminals are beginning to use these malicious apps not only to make a quick buck but to also steal valuable data."