In August, Japanese cybercriminals that specialize in one-click fraud Android apps were very busy. According to Symantec experts, they published close to 1,000 malicious apps on Google Play.The number is significant considering that a total of 2,500 one-click fraud apps were spotted on Google Play since the beginning of 2013 and until August.
Despite the fact that most of these malicious Android applications were removed in less than a day from Google Play, they were still downloaded by a large number of users.
Symantec says the apps published in August were downloaded at least 8,500 times. However, the real number probably exceeds 10,000 downloads.
Most of these Android programs are uploaded by the fraudsters each afternoon, but there are some that are published over the weekend. The ones published then can survive for much longer – in some cases for several days.
As far as Japanese one-click fraud apps are concerned, researchers say that 97% of them are uploaded to Google Play by the same group of cybercrooks.
In August, several new types of fraudulent applications were spotted. However, most of them turned out to be unsuccessful and quickly disappeared.
At least one of these apps has managed to remain on Google Play for a longer period of time, but it hasn’t been downloaded by many users.
When they’re installed, the fraud applications display a number of links that point to adult websites, or scammy sites that attempt to trick users into signing up for paid services.
On the adult websites, when victims try to play the videos, they’re asked to pay a fee. Interestingly, this fee can reach up to $1,000 (€760).
To make sure their applications evade security checks, some legitimate links are also displayed.
“The bad links also lead to a redirector URL that then directs the apps to open whatever sites the redirector is configured with. This allows scammers to easily modify where the apps ultimately lead to on the server side if they are under suspicion of being involved in any malicious activity,” Symantec’s Joji Hamada noted in a blog post.
To avoid installing malicious apps on your Android device, only download applications that you trust. Also, experts recommend installing a security solution to protect you against potential threats.