Cyber-criminals take on mobile phone users with London 2012 Olympics scams – report

8 Aug 2012

The London 2012 official mobile game

A report from GFI Software out today suggests that cyber-criminals are starting to target mobile phone users, with the company’s security researchers having identified a number of malware attacks in July, including Russian websites hosting Trojans posing as the London 2012 official mobile game apps.

GFI Software, a company that specialises in networking and security software, issues a malware report each month as part of its internal research.

In its VIPRE report for July, GFI also came across malware that cyber-criminals have created for Android devices, as well as for mobile web browsers such as Firefox and Opera Mini.

“Mobile malware is a relatively new frontier for cyber-criminals, but that does not mean that their attacks are any less sophisticated or dangerous,” said Christopher Boyd, senior threat researcher at GFI Software. “Many users are not aware of the fact that cyber-criminals have created malware specifically for Android devices and are rushing to download apps before ensuring that they are legitimate.”

Just before the start of the opening ceremony of the 2012 Summer Olympics in London, GFI researchers said they had detected Russian websites hosting Trojans that were posing as the London 2012 official mobile game apps.

The company, in its mobile security analysis, said these websites were designed to mimic the Google Play app market in order to “trick” users into downloading the application.

Email spam

GFI said it also discovered a spam email campaign that was falsely promising people a chance to win free airline tickets to the London Olympics in exchange for filling out a survey and supplying personal information.

In addition, GFI said some users also came across a “phony version” of Firefox for Android, which the agency said exploited the recent release of the official web browser on Google Play in June.

Researchers at GFI said this app belongs to the Boxer malware family, which normally tricks users into agreeing to send premium SMS messages before directing them to the official Firefox website.

It seems this version of the app goes a step further and installs the application without notice, according to the GFI report.

The researchers at GFI believe it sends premium SMS messages and directs users to the Google homepage. According to GFI, this may be a tactic used to convince users that the app was not installed properly, so they could return to the scam website and go through the process multiple times.

As for mobile users that were using the Android version of the Opera web browser, GFI said they were in danger of coming across the OpFake family of Trojans, which often pose as the Opera Mini application, in July.

Similar to the Boxer Trojans, users who fell for this scam also had their phones send SMS messages to premium-rate numbers without their knowledge, said the company’s research lab.

GFI said victims of this scam would not have been aware that anything was amiss until they got their monthly phone bills.

Carmel Doyle was a long-time reporter with Silicon Republic