Android users in crosshairs of one-click billing fraud

A new one-click billing fraud scam is now targeting users of smartphones and mobile devices running Google’s Android operating system.

 

Computer security firm Trend Micro said what makes this new scam different is that it hooks in then victimizes Android users through a malicious app.

 

“The attack is triggered by a blog site that features videos showing gamers playing. The said blog, called ‘Game Dunga,’ has changed its site contents three times in the past. In the previous versions, there were a lot of links leading to the game-playing videos (not only adult content). The current one, however, (the third generation) includes links leading to only adult contents,” it said in a blog post.

 

If the prospective victim tries to view any of the videos, he or she will trigger a pop-up asking him or her to download a malicious app detected as ANDROIDOS_FAKETIMER.A.

 

ANDROIDOS_FAKETIMER.A then gets the Android user account information, including Gmail account information managed by the affected users’ devices; the SIM information of the affected devices; and the mobile number of the affected devices.

 

“The information gathered by these methods is sent to the cybercriminals,” Trend Micro said.

 

ANDROIDOS_FAKETIMER.A also displays a pop-up window that shows the message “We haven’t received your payment. Therefore, based on our policy, we will have to charge you if you have not paid yet.”

 

It then displays the information it stole to build credibility for itself, and better convince the victim to pay the amount.

 

In contrast, past attacks had involved a website where the victims were asked to pay for a certain amount to prevent their information from being sent to an adult site, Trend Micro noted.

 

Also, it said the app usage for this one-click billing fraud gives the scheme a level of persistence that was not evident before.

 

“In past schemes, the routines were mostly executed through a malicious website, and closing the browser would stop the attack. For this, however, since the one responsible for the routines is an app installed in the device, the prompts asking for the user to pay are shown repeatedly. We studied the code and found that the pop-up is set to show every 5 minutes,” it said.

 

Trend Micro advised users who encounter a similar site to leave the site immediately and not click any links to avoid getting victimized. — TJD, GMA News