December 21, 2015

Trojanized solitaire app slips into Google Play store

Lookout discovered a solitaire app in Google Play’s gaming category that is actually a version of the malware family FruitSMS, which conducts premium SMS fraud and charges people for typically free services.

We alerted Google to the malicious app and Google promptly removed it from the app store. All Lookout users and customers are protected from this malware.

Official app stores generally do a good job of protecting their customers from malicious apps, but their vetting processes are not perfect. The app is another example that app stores are a viable distribution method for criminals looking to deliver their malicious apps.

What is it?

FruitSMS is a simple piece of malware that Lookout has been following for over two years. It trojanizes legitimate applications, but then charges people for otherwise free services via premium SMS. Premium SMS fraud involves tricking a person into texting a premium-rate number. The victim’s carrier then bills them for texting the number, which is then paid out to the criminal.

For those interested, the SHA-1 for the app is c5ac832a03fdec4fcda9b5137a46b1c1f8039da9.

How many people are affected?

Thankfully, for this particular app, not many. The app is a Russian-language game and only had around 50-100 downloads by the time we alerted Google.

What should I do?

  • Research the developer you’re downloading from and read the app reviews. If either feel a little off, avoid downloading the app and look for something a little more reputable.
  • Have a security application, like Lookout, that can alert you when you’ve downloaded a malicious app.
Leave a comment