Hundreds of Japanese one-click scams found infesting Google Play store

A raft of Japanese one-click fraud apps have found their way into the Google Play store, according to one Symantec researcher

In the latest example, a raft of Japanese one-click fraud apps have found their way into the Google Play store, mostly targeting Android smartphone users from the Land of the Rising Sun who enter pornography-related terms into the app store’s search engine.

“One-click fraud refers to a scam that attempts to lure users interested in adult-related video to a site that attempts to trick them into registering for a paid service,” explained Symantec researcher Joji Hamada, in a blog.

It’s a type of fraud that’s common for computer-based web surfers to run across, but now, as smartphone usage has increased, so has the number of these scams for mobile.

“People typically come across these scam sites by searching for things that they are interested in or by clicking on links contained in spam messages,” he added. “The apps can easily be found on Google Play through keyword searches in the same manner as an internet search. For example, entering Japanese words related to pornographic video results in one of these apps being at the top of the search results at the time of writing.”

Hamada said that he noticed the first Android version of one-click fraud in January. Now, there are as many as 200 of them in Google Play, and their prevalence is escalating.

“We are now seeing multiple developers fiercely publishing apps in bulk on a daily basis,” Hamada said. “We have so far confirmed over 200 of these fraudulent apps published by over 50 developers, although it is likely that more exist.”

Worse, the apps have been downloaded at least 5,000 times in the last two months, Symantec found.

“As far as victims go, we are not aware of how many of these users actually paid money to the scammers,” Hamada noted. “It certainly must be worth the time and effort for the scammers as they have continued doing business for over two months.” The ‘service’ costs about ¥99,000, or around $1,000.

Typically, the apps require the user to accept only the “network communication” permission, although some variants request no permissions at all when the app is simply used as a vehicle to lure users to the scam by opening fraudulent porn sites.

Hamada also said that a new wrinkle was developing in the evolution of Japanese scamming as well. “Interestingly, it appears that the scammers are not only interested in one-click fraud,” he said. “A couple of the developers we have come across also publish dating service apps. It is not surprising to see scammers involved with both one-click fraud apps and dating service apps because these types of dating services are typically considered dodgy in Japan.”

It’s not an unheard-of approach, however: last August an Android fraud campaign was found to be targeting Japanese, female, single smartphone users with a “meet a rich man” dating service gambit.
