Malware Manipulates Google Play by Flooding Store with Illicit Apps

It should come as no surprise that scammers like to make money. It should also come as no surprise that scammers are constantly looking to enlarge their wallets however they can. One of the newer methods, according to Mobile Commerce Press, is manipulating the Google Play Store‘s search function.

According to Joji Hamada and remove ads by, a Symantec (News – Alert) researcher based in Japan, Japanese scammers are putting their malware-infested applications at the top of lists by manipulating the search function on Google (News – Alert) Play. By flooding Google Play with a variety of applications, mostly aimed at adult material, malicious applications have managed to make the top 21 applications out of 24 in a Symantec search.

That high profile success comes at a cost of pumping out 1,200 applications over the several months according to Hamada, but the payoff — a $3,000 bill per victim — can be huge.

But that figure, which is accompanied by a three-day payment period, is difficult to achieve. The new Android (News – Alert) malware is a variant of One-click fraud — where a user is prompted to enter payment information for a illegitimate service. The new variant now has victims jumping through a series of hoops — from entering their e-mail addresses (a part of registering for a new service) to calling a phone number to acquire a password for malicious adult websites.

It’s unknown how many people have fallen victim to this scam due to the adult nature of the con. According to the Information Networking Institute at Carnegie Mellon University, people usually pay, though they’re not legally obliged.

Detecting these sorts of malicious applications, according to Hamada, is difficult, if not impossible for automated systems. Even human analysis — hindered by hidden end-user license agreements — has a hard time outing these multilayered approaches to scamming.