An organized cybercrime ring is amassing profits by targeting smartphone users in Russia with promises of free downloads that turn out to be malicious software. Some Russians have seen their phone bills spike after downloading what they thought were free applications, songs or porn advertised to them in Twitter messages, according to Lookout Security, which plans to release a report about the scheme today.
The malware forces Android phones to discreetly send text messages to phone numbers set up by the hackers. Those numbers charge service fees to the user's mobile operator, which later appear on the subscriber's phone bill. The system is similar to how ringtones are bought. The hackers hide their tracks by deleting evidence of the messages from the devices.
To further prevent victims from catching onto the heist known as Dragon Lady, some versions will redirect victims to the app they were looking for in the first place. Once hackers have infected a phone and begin collecting fees from the carrier, victims will sometimes receive a link to a legitimate site where they can download the real app.
Hackers are collecting as much as $12,000 per month from wireless providers that assume the transactions are legitimate, according to Lookout, the biggest maker of mobile-security software. Nikolai Minashin, a spokesman for Mobile TeleSystems, said Russia's biggest mobile operator is "constantly engaged" in protecting users from premium text-message malware, declining to comment further. VimpelCom has strong anti-fraud protections in place and would not hold consumers liable when fraud is determined to be the cause, according to Bobby Leach, a spokesman for the Russian carrier.
Similar scams have been seen in countries such as Denmark, Germany, Israel, Norway, Portugal, Spain and Sweden, according to Lookout. Telecoms in the U.S. and elsewhere are minimizing such attacks by putting stronger protections in place, including multiple layers of verification for premium text-message services.
Dragon Lady is zeroing in on Android users in Russia, going so far as to block downloads from people in other countries. During the first half of this year, this breed of Russian attacks accounted for more than half of the mobile-malware cases Lookout detected through its software, which is used by more than 40 million people around the world.
The findings point to an unfortunate reality: Hackers are getting smarter at adapting their techniques to the smartphone age.