Android Malware Scam Nets $265K, Lands IT Execs in Tokyo Jail

Last week, Tokyo police arrested six men in connection with an Android malware campaign that netted roughly $265,000 or 21 million yen. The investigation and eventual arrests represent the first time Japanese police, or any police force that I know of, targeted and brought down criminals who used Android malware to scam smartphone users and extort cash, according to Japanese news site The Daily Yumiuri.

Security researchers and others—including tech bloggers like me–have cautioned mobile device users of the Android security threat for years, but there haven’t been too many real-world examples of widespread Android malware that successfully extorts money from victims. This week, Japan was the scene of two high-profile malware incidents, one a particularly nasty affair that resulted in the arrest of six men, including two current IT executives and one former tech exec.

Half a dozen men located in Tokyo reportedly worked together to create a piece of Android malware that they then disguised as a video player and distributed through an adult website starting in December 2011. The software presumably offered adult videos or other related content, but once the app was installed it stole users’ personal information, including phone numbers and e-mail addresses, which were then stored on a server hosted outside of Japan.

After the data theft, the malicious Android software displayed a message that demanded payment of 99,800 yen (about $1,260) per person. After the app was launched for the first time it displayed a message similar to the following text every five minutes, even if users restarted their devices:

“Please pay the fees as soon as possible. You need to confirm the unpaid amount. It totals 99,800 yen.”

Japan also saw another odd form of Android malware designed to access photo libraries on infected users’ device and ruin images by pasting another odd image over users’ photos.

Both of these malicious apps were distributed through third-party sites and not through Google’s official Play Store app store, though the app that ruined photos was available via the Play Store for a short period of time. The malicious software components are thought to have been added to the app after its removal from the Play Store.

According to security researchers at Kaspersky about 65 percent of new malicious mobile applications identified in 2011 targeted the Android platform, compared with J2ME (27 percent), as well as Symbian (7 percent), and Windows Mobile (1 percent). More than 30 percent of malicious Android apps were created to steal personal data, with a nearly equal percentage of Android malware apps meant to gain control of users’ devices, according to Kaspersky.

AS

Via Yomiuri.co.jp