Google Removes Malicious Cloned Games From Android Market

Google removed cloned versions of popular games such as "Angry Birds" and "Need for Speed" containing malicious code that appeared on the Android Market over the weekend.

A malicious developer cloned popular games on the Android Market and rereleased them as free apps after modifying some code. Google has removed those apps, according to Lookout Security.

The developer created at least a dozen copies of the most popular games, adding code to make the phone send SMS messages to premium rate numbers. Users unaware of what the phone was doing could wind up having hundreds and thousands of dollars in SMS fees show up on their bill.

It appears 13 apps were available on the Android Market for a little over a day before being yanked by Google on Dec. 11. Even though the security team acted quickly, several thousand users appear to have downloaded the cloned "Need for Speed: Shift" game, according to Lookout. Late last week, Lookout and other vendors identified nine other malicious apps, according to the security company. Google has removed more than 100 malicious apps from the Android Market this year, including those infected by DroidDream.

"These apps have often purported to be downloaders for well-known third party software (often freely available software such as Opera Mobile), and have primarily been found on file-sharing sites and alternative markets," Lookout warned on its blog.

The "rash" of premium SMS toll fraud apps in the last few months have primarily targeted users in Europe, according to Lookout. SMS scams are still more common outside the United States where it is easier to rent and set up premium rate numbers, various security experts have told eWEEK.

These apps could affect users in Russia, Azerbaijan, Armenia, Georgia, Czech Republic, Poland, Kazakhstan, Belarus, Latvia, Kyrgyzstan, Tajikistan, Ukraine, Estonia, Great Britain, Italy, Israel, France, and Germany, according to Lookout.

Mobile malware commonly misuses premium SMS services to make money, according to Vanja Svajcer, a principal virus researcher in SophosLabs. "The damage is often seen only when it is too late, once a monthly bill is received," Svajcer wrote on the Naked Security blog.

Lookout has dubbed these recent malicious apps as RuFraud and said the first wave of apps in this operation were cloned horoscope apps. The apps had "fairly hidden" terms of service indicating the changes that had been made. Users are given only a single option to continue, which translated into an agreement to the premium charges, Lookout said.

The RuFraud operation expanded to include Android phone wallpapers, including a set for the "Twilight" series of movies, and downloaders posing as accessories to bestselling games such as "Angry Birds" and "Cut the Rope." Fake games, essentially cloned versions of the real game, were part of the 13 apps that were released over the weekend, Lookout's researchers said.

The requirements for becoming an Android developer who can publish apps to the Android market are far too relaxed, Svajcer said. The cost of becoming a developer and being banned by Google is much lower than the money that can be earned by publishing malicious apps. More malicious apps will continue to find a way into the Android Market until requirements become much stricter, he said.