If you installed this game from Google's Play Store, your Android phone may be infected!
While many detractors of iOS point to Apple's strict access to the App Store, others -- like me -- applaud it. While it might be harder to get an app approved for download in Apple's store, it is arguably more secure. Conversely, Google's Play Store can sometimes feel like the wild west. Sure, Apple's process is not infallible either, but many consider it to be the gold standard. Apple's stronger and more stringent screening process not only helps to block malicious apps, but weeds out low-quality offerings too. Overall, neither process is perfect.
Today, a startling discovery was made in the Google Play Store for Android. You see, a malicious app masquerading as a game made it past Google's security screeners, putting millions of users at risk. Had anti-malware company Lookout not discovered it, there is no telling how many Android users could have installed it.
"Lookout discovered a solitaire app in Google Play's gaming category that is actually a version of the malware family FruitSMS, which conducts premium SMS fraud and charges people for typically free services. We alerted Google to the malicious app and Google promptly removed it from the app store. All Lookout users and customers are protected from this malware", says Lookout.
What is FruitSMS? Lookout explains that it as "a simple piece of malware that Lookout has been following for over two years. It trojanizes legitimate applications, but then charges people for otherwise free services via premium SMS. Premium SMS fraud involves tricking a person into texting a premium-rate number. The victim's carrier then bills them for texting the number, which is then paid out to the criminal".
In other words, this malware can actually cost you money through text messaging! The scary thing is, many people do not extensively check their mobile bills each month, making victims of such a scam none the wiser. It is actually quite disconcerting that Google failed to protect Android users from such an egregious scam. Luckily, only about 100 people downloaded the Russian-language game before it was pulled.
Did you download this malware? If so, you should shut off your cellular radio immediately to prevent fraudulent text messages. Then, using Wi-Fi, download Lookout, or similar security application, to scan and clean your device.