LAS VEGAS - Ten Russian organizations have tricked thousands of victims into downloading fake Android apps that send premium text messages, each costing from $3 to $18, according to a Lookout Security investigation called Operation "Dragon Lady."
The network is comprised of 10 organizations that create the malware (which makes up 30% of all malware detected by Lookout in 2013 so far) as well as thousands of affiliates that make up a vast distribution and marketing network. The affiliates use several techniques, including fake Twitter accounts, to reach as many victims as possible, and they rack up big profits doing so. Some regularly earn more than $10,000 a month.
Lookout revealed the malware operation in a talk at the DefCon hacking conference on Friday, after launching its investigation last December.
In addition to creating malicious apps, the 10 organizations, dubbed "Malware HQs" by Lookout, establish websites that offer affiliates an easy-to-configure platform to develop fake apps and download sites themselves. What's more, all of this is done on the open Internet.
"These are not guys operating in the shadows," Ryan Smith, senior researcher at Lookout, explained to Mashable. "They're operating in a fairly public manner."
To become an affiliate, an individual simply has to fill out an online form, customize the app with pre-set options, and then copy and paste code into their distribution websites. Basically, no technical knowledge is needed.
The distributors then use Twitter to promote links to fake, free versions of apps that normally cost money, popular apps such as Skype and Opera, or simply porn and MP3s. Victims click, download and typically get an app that redirects them to a website while, in the background, it actually sends out premium-rate text messages to phone numbers set up by the Malware HQs. The fraudsters then collect the money, and give a slice of the profit to affiliates.
The Malware HQs operate like a real business, Smith said, providing regular updates, customer service and online assistance to the affiliates. They also offer gamification features to motivate them, publishing rankings online and giving out rewards to the best distributors.
The campaign only focuses on Russia and its neighboring countries, as some of the distributing websites block out traffic that comes from outside these areas. Smith said this is likely because it's easier to maintain a localized business, and that "these affiliates like to be paid out in a very timely way" - something that's easier to achieve in Russia, where phone customers have a short window of time to dispute charges on their bills.
Still, frauds like these can also be reproduced in other countries, and users should be cautious when clicking on links in their smartphone browsers.
"Don't click on any links you don't trust, don't download any applications from sites you don't trust," Smith said, adding that people should also avoid installing apps from third-party sites, and only use Google Play, whenever possible.
As a general rule, being vigilant will help users steer clear of sites promising free apps that normally cost money. "If something seems like it's too good to be true," Smith said, "it probably is too good to be true."
Image: Flickr, sk8geek