Tech

Google Play apps with 700k installs steal texts and charge you money

Google Play apps with 700k installs steal texts and charge you money

Enlarge (credit: Getty Images)

Security researchers have uncovered a batch of Google Play apps that stole users’ text messages and made unauthorized purchases on users’ dime.

The malware, which was hidden in eight apps that had more than 700,000 downloads, hijacked SMS message notifications and then made unauthorized purchases, McAfee mobile researchers Sang Ryol Ryu and Chanung Pak said Monday. McAfee is calling the malware Android/Etinu.

User data free for the taking

The researchers said an investigation of the attacker-operated server that controlled infected devices showed it stored all kinds of date from users’ phones, including their mobile carrier, phone number, SMS messages, IP address, country, and network status. The server also stored auto-renewing subscriptions, some of which looked like this:

Read 10 remaining paragraphs | Comments