McAfee has reported on an increasing number of fraudulent Android applications on Google Play in Japan this year, including one-click fraud applications and fraudulent adult dating service applications. The attackers are still looking for new victims using various techniques.
We have also found a new variant of the one-click fraud application that lures careless users into adult voice-connection services to listen to adult stories and later charges a large amount of money without prior notice.
This new variant tricks users into dialing a specific phone number with the device’s standard dialer using a tel:// URI scheme, rather than using telephony APIs for automatic dialing. There is no information about billing for this service; the web page offers just “Listen Now.” Tapping the button launches the dialer application with a preset phone number.
Careful users might notice that the web page has a link to an ‘information’ page (the ‘i’ icon) that includes the terms and conditions. It says the user needs to pay an annual fee if he dials the number even once. But we can easily imagine that most users will not visit the page, because the link to the informational page is clearly made intentionally difficult to find.
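As an added triage example (not McAfee's detection logic and not code from the original report), the following Python sketch extracts preset tel: numbers from a page's markup and inline scripts and flags pages whose visible text never mentions billing, which is the pattern described above. The keyword list, the sample page, the placeholder number and all names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed billing vocabulary (heuristic, English and Japanese); tune as needed.
BILLING_TERMS = ("fee", "charge", "price", "yen", "料金", "円", "年会費")
# tel: or tel:// plus a dial string; the lookbehind skips words like "hotel:".
TEL_RE = re.compile(r"(?<![a-z])tel:(?://)?([0-9+*#().\- ]+)", re.IGNORECASE)

class TelLinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.numbers, self.visible = [], []
        self._hidden = 0  # nesting depth inside <script>/<style>

    def _scan(self, value):
        for match in TEL_RE.finditer(unquote(value)):
            number = re.sub(r"[^0-9+*#]", "", match.group(1))
            if number and number not in self.numbers:
                self.numbers.append(number)

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._hidden += 1
        for _name, value in attrs:  # href, onclick, data-* and so on
            self._scan(value or "")

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if self._hidden:
            self._scan(data)  # e.g. location.href = 'tel://...'
        else:
            self.visible.append(data)

def audit_page(html):
    """Return preset numbers and whether the page itself mentions billing."""
    auditor = TelLinkAuditor()
    auditor.feed(html)
    auditor.close()
    text = " ".join(auditor.visible).lower()
    disclosed = any(term in text for term in BILLING_TERMS)
    return {"numbers": auditor.numbers, "billing_disclosed": disclosed,
            "suspicious": bool(auditor.numbers) and not disclosed}

# Constructed sample page; the number is a placeholder, not from the report.
FRAUD_LIKE = ('<h1>Stories</h1><a href="tel://0000-000-000">Listen Now</a>'
              '<a href="info.html"><img src="i.png" alt="i"></a>')
```

Calling `audit_page(FRAUD_LIKE)` reports the preset number and marks the page suspicious because the terms sit only behind the separate information link; a keyword match is a triage signal for an analyst, not a verdict.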
Once the user dials the phone number and connects to the service, he can hear recorded automatic voice guidance about how to use the service. If the user selects a channel, a recorded “story” plays. There’s no explanation about billing.
When the user next dials the service, the recorded voice talks about billing for the first time. It says the user should go to the informational web page and follow the instructions to pay for the service. If users ignore the payment request, they will get a phone call from the service after a few weeks that says they have not paid and that the service will resort to legal procedures if they do not pay the fee. It also says users must call or email the service to request cancellation if they dialed the number by mistake. Of course, you should never pay such an invalid bill, nor call and talk with the fraudster. Just ignore it.
In Japan we have had similar issues with fraudulent adult voice services for a long time. An example is the “One Call Fraud,” in which the fraudster dials the victim’s number and quickly hangs up (hence “one call”), expecting that the victim will call back. If the victim does, the fraudster demands payment for the service. We rarely see such traditional fraudulent voice services today, but we could see their revival as smartphone applications.
We first found the current variant around the end of June; these apps were deleted from Google Play at our request. But the same variant has appeared again just today. We estimate that the number of downloads is not yet large, according to statistics on Google Play.
McAfee Mobile Security detects these applications as a variant of Android/OneClickFraud malware and also blocks access to the fraudulent website.