Market for Android applications and games is developing significantly. Beside official source Google Play, users have other different choices including downloading apps shared on websites or relying on external app stores. According to research by Bkav, these sources always contain potential risks to users. Especially, attaching code in apps to activate SMS to high-fee numbers is getting popular, more than ever.

These malicious applications access users via spam messages or Google search results.

Google results for Pikachu game

To siphon money from users, these malwares use 2 methods: automatically and silently send messages to high-fee service numbers (recently analyzed by my colleague), or require registration to use without clearly stating that SMS to charged numbers will be sent.

Register to use the app

Or, these malwares require users to agree with the terms of use, content of which includes information about charged SMS. However, it’s not easy at all for users to clearly see such information.

“Not easy to read” terms of use

With notifications like this, most users will choose ‘Agree’ without knowing that their accounts will be charged an amount of money because the app has automatically sent a message to high-fee service number.

Obviously, users can easily become victims if not be careful when installing applications for their mobile. Therefore, users had better download apps from secured sources, Google Play for example, as well as equip powerful security software to protect their devices.

Dang Van Long

Malware Researcher

Leave a Reply

Name (required)
Mail (hidden) (required)
Text to Identify

Popup Date Time Portlet

Blogs Aggregator

Recent Posts

Blog Category Portlet


Store Portlet


Vote Baby Portlet