Researchers are tracking a pay-per-install scheme being marketed through a Russian web forum, where criminals are recruited to load malware on Android devices in return for payment.
The victims, who have been concentrated in Russia, primarily download malware through bogus apps that appear to be legitimate. After the app is installed, malware forces the infected device to send out SMS messages to premium-rate numbers owned by the attackers, who are ultimately paid for receiving the texts.
The crooks involved are earning a significantly higher fee than those who participate in pay-per-install rings targeting Windows PCs, researchers at security firm ESET said.
In a blog post, Pierre-Marc Bureau, a security intelligence program manager at ESET, said the mobile fraudsters typically make between $2 and $5 per installation — 10 times more than one might rake in for a Windows malware installation.
“In my experience, it is the first time we’ve seen such an organized group targeting Android devices, but I wouldn’t be surprised if there were others,” Bureau told SCMagazine.com on Wednesday.
ESET researchers spotted the threat in May after discovering a Russian web forum, which began operating in late 2011 with the specific purpose of supporting the Android pay-per-install scheme.
“We are still working with different sources to shut down the forum, but right now it’s still active, so we prefer to keep the name private,” Bureau said. “It’s really a forum they set up for the only purpose of trading and selling infections for Android devices. These guys are quite sophisticated. For instance, if someone is willing to buy the infections, they are building their own [customer service] tools to relay information.”
A Google spokeswoman declined comment, though in many cases, malicious mobile apps foisted by attackers are distributed through third-party marketplaces.