Premium SMS text app could cost you hundreds of dollars: Internet Scambusters #592
Apps that secretly send premium SMS text messages from Android smartphones could cost their owners hundreds of dollars, a new report warns.
They're part of a malware epidemic that's sweeping parts of the mobile world. But you can protect yourself with a few easy steps, as we report in this week's issue.
We also have a warning about a Netflix scam in our new "News Alert of the Week" feature.
And now for the main feature...
Hidden Premium SMS Malware Invades Smartphones
Smartphones are being used for a new scam that involves infecting them with malware that secretly sends high-priced premium SMS text messages.
Victims don't know their phone is sending the messages. Instead, they end up with inflated charges on their phone bills, which go straight into the pockets of the scammers.
This premium SMS service is often hidden inside an app the user has downloaded onto their device. It may also include a monthly charge.
Unless they take the time to check bills carefully, users may not spot the scam for months.
Commercial security consultants Blue Coat say in their 2014 Mobile Malware Report that premium SMS apps have quickly become the most popular piece of malware on devices that use the Android operating system.
"The SMS text messages are often sent without mobile phone users being able to detect it and could run up hundreds of dollars in charges before users receive their mobile phone bill," the firm adds.
Where do these apps come from?
Mostly, says Blue Coat, they have some connection with mobile adult sites. Users are tricked into downloading them when they visit these unsavory sites.
But they're just one strain of a malware epidemic that is now sweeping the mobile world.
The number of malware varieties on smartphones and other mobile devices reached a staggering 3.73 million by the end of 2013, according to security specialists McAfee.
That's almost three times the level of the previous year, a clear warning sign that the infection rate is reaching rampant proportions.
It's like the digital version of the Black Death, spreading from victim to victim -- users who don't take the time or trouble to properly protect themselves.
In fact, McAfee says the most common thing this malware does is record and transmit back to its masters how victims actually use their devices.
Crucially, this involves using the built-in tracking function, which is also a feature of many legitimate programs, and selling the information to dubious marketing companies or other criminals.
Mobiles may also be hijacked and recruited into bot networks in the same way that PCs are used, both to send out spam and spread even more malicious software.
McAfee claims that more than 80% of mobile apps track when you use wi-fi networks, when you turn on your device, or your current location. More than half of all apps track when your phone was used.
As the security company notes: "Of course, most of the tracking is benign. We give up our privacy and identifiable data in exchange for convenience, access, and personalization."
However, it's the soaring rate of malicious usage that's the big concern. Some of the data collected may even be used for blackmail or as a prelude to violent crime.
Others keep devices "open" to allow crooks to access them whenever they want, or they may even totally destroy all the data on victim devices.
As we've previously reported, when it comes to mobile malware, all devices are not created equal. Some are far more vulnerable to viruses than others.
As McAfee put it in an earlier report: "To speak of malware that infects mobile devices is to speak of Android malware. Threats against other mobile operating systems, including Apple's iOS, are insignificant compared with malicious Android apps."
Trouble is that Android is now such a common operating system in use on smartphones and, although its producer Google regularly issues patches as it becomes aware of problems, users who don't update their devices are wide open to attack.
So how does that malware get onto a device in the first place? Well, as we previously mentioned, adult sites are a common source, but it could be something much more innocent.
If the malware is inside an app, it's usually one that's been hyped as being something fantastic, like a free game supposedly bursting with great play and graphics that fails to live up to the promise.
Although it's not always possible for users to tell the good from the bad, McAfee suggests that as a general rule, the more data an app collects, the more likely it is to involve malware.
But it's not just malicious apps that are the source of trouble. Research published in March this year shows that the Internet is also a key source of infection.
If you're an Android user, five simple tips will help keep the malware at bay:
1. Always keep your software up to date. Different devices may use different versions of the operating system. If you don't know how to update, find out now by visiting the website of the manufacturer or your cell phone service provider.
2. Install security software. There are lots of both free and paid for versions. If you're not sure what to use, go for a well-known, recognized security provider.
3. Buy your apps only from the official Google Play store or its official equivalents if you're using a proprietary version of Android such as those used by Amazon and Samsung.
4. Don't click on pop-up ads, especially virus warnings that don't come from the security software you have installed. Be especially wary of official-looking "Android virus warning" alerts with a "Remove virus" button -- it's a fake.
5. Steer clear of adult sites and other dubious areas of the Internet.
Also check out our earlier issue on mobile malware for more insights and tips on how to protect yourself: App Malware Threatens Smartphones and Tablets.
News Alert of the Week: If you use the video rental and streaming service Netflix, watch out for phony notifications -- in a pop-up or an email -- saying your account has been suspended for unauthorized use.
The realistic-looking warning asks you to phone an 800 number or download security software. In both cases this may enable the crooks to take control of your PC.
If you get this message and you're worried it may be real, go to netflix.com (nowhere else) and use their support service.
Time to close today, but we'll be back next week with another issue. See you then!
