Over the last seven months, Symantec found more than 1,200 suspicious applications in the Play store. Google removes many shortly after they’re published, but others stay in the store for a few days.
“Although they have short lives, the apps must provide ample profit for the scammers as they show no signs of halting their development of new ones,” wrote Joji Hamada of Symantec.
The applications can be difficult to assess and employ a series of manoeuvres and layers in order to attempt to rip off users.
Hamada wrote one application aims to get users to subscribe to an online adult video site at a cost of more than $3,000 a year. The application’s sole purpose is to launch a link to an adult website.
The website then asks the user to register in order to play videos. An email form is drafted, and the user is asked to hit send. The email, sent to the user, contains a link to another service on a different website.
This time, the user is prompted to enter a password. If that button is clicked, the phone is supplied with a number. When called, the number gives out a password. The person is then given registration details and told of a ¥315,000 ($3,200) annual fee that is due within three days.
Applications that launched only links “can be almost impossible for any system to confirm anything malicious,” Hamada wrote.
“The manual steps required in this scam is another strategy used to keep the apps on the market as long as possible,” Hamada wrote. “Human analysis may be the only way to discover these sorts of apps.”
Apple closely examines applications submitted for its App Store, which has kept its marketplace relatively free of malware. Google also scans applications in the Play store. It also added a feature to the latest 4.3 version of the Android OS that scans any application for malicious code.
More than 100 applications similar to the adult videos one have been published on Google Play since the beginning of the month, Hamada wrote. Thirty applications from three developers are still in the market.
Symantec informs Google when it finds such applications, he wrote, but the scam applications flow into Play daily. Many of the applications float into some of the top keyword searches, apparently as the result of abuse of Play’s search function.