Announcement of 02. February 2016

Gaming app leads to expensive subscription trap

G DATA analyses application from the Google Play Store that silently subscribes to paid services.

There were over 1.4 million apps in the Google Play Store in 2015 (source: Google) and, despite all the security precautions, more and more malicious applications are appearing among them. G DATA security experts have discovered a new type of subscription trap that has already ensnared numerous Android users. Questionable gaming app Blend Color Puzzle has been available since early November 2015 and has been promoted on trustworthy platforms. After being installed and launched, the app sets up two subscriptions with Dutch companies, without the user realising. The subscription is paid for via an intermediary company, making it even harder for those affected to trace the perpetrators and take remedial action. G DATA SecurityLabs suspect that a larger international network of companies is behind this. An article in the G DATA SecurityBlog analyses the case.

This type of attack represents a new phenomenon for us. What we are seeing is a scam that has been put together with a great deal of effort, in order to cause damage to a broad swathe of users. Legitimate applications make reference to the malicious app, which collects personal data, sets up subscriptions in the background and sabotages mobile connectivity. Affected users should immediately seek assistance and take steps to remedy it.

Ralf Benzmüller, head of G DATA SecurityLabs

Questionable app

The app is a game called Blend Color Puzzle. In it, people are asked to recognise and tap on shades of colour. Blend Color Puzzle has been available in the official Google Play Store since 3 November 2015 and has been downloaded more than 50,000 times so far. The visual similarity to the popular game Blendoku might be the reason that so many users have tried out the free game. Even the app images displayed by the publisher in the Play Store show the name Blendoku on the left border of the play area. After launching the game, users receive two SMS messages from the mobile service provider confirming that two subscriptions have been set up. This happens in the background, without the user noticing.

 

New form of attack via apps

The approach of setting up subscriptions without any user interaction is a new method of attack. Previous WAP billing cases originating from apps resulted from the user having clicked on a web banner, for example. This is not necessary in the current case. Time will tell whether further cases of this scam come to light in the coming months.

 

G DATA tips for protection

  • Users should contact their mobile service provider and ask for third party provider services to be blocked. This will stop silent payments from being made to third parties.
  • A comprehensive security solution on the mobile device is also a must. G DATA Internet Security for Android offers effective protection for smart devices.
  • Reviews and comments can be a help with apps. Potential users should look more closely if there are any negative comments.

 

Further information can be found in the G DATA SecurityLabs blog article.

 

Media:

Announcement of 02. February 2016

G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49 234 9762-239
E-Mail: presse@remove-this.gdata.de

Hauke Gierow
Press spokesperson

Contact

Hauke Gierow

Phone: +49 234 9762-665
hauke.gierow@remove-this.gdata.de

Kathrin Beckert-Plewka
Public Relations Manager

Contact

Kathrin Beckert-Plewka

Phone: +49 234 9762-507
kathrin.beckert@remove-this.gdata.de

Stefan Karpenstein
Public Relations Manager

Contact

Stefan Karpenstein

Phone: +49 234 9762-517
stefan.karpenstein@remove-this.gdata.de

Vera Haake
Spokesperson for event & location communication

Contact

Vera Haake

Phone: +49 234 9762-376
vera.haake@remove-this.gdata.de