Anti Virus providers, Panda Security has published a Report that says that it has identified many malicious Apps on Google Play that when installed makes users send to SMSes to premium subscription services without their permission. Among the many Apps identified by Panda Security, the prime suspects are “Easy Hairdos”, “Abs Diets”, “Workout Routines” and “Cupcake Recipes”.  As per Panda Security at least 1.200,000 Android users have download one of the Apps and atleast 300,000 are receiving inflated bills due to the malwares installed on their Android devices.

Malicious Apps like “Easy Hairdos”, “Abs Diets”, “Workout Routines” and “Cupcake Recipes” affects 1,200,000 Android users
Panda Security has given the example of the App “Abs Diets”. Once a user has downloaded and installed the App from Google Play after accepting all the permissions that the App asks, it starts displaying a series of tips to reduce abdominal fat.   However without the Android users knowledge the code in the App grabs the victims phone number from the device and connects to a Web page where it signs the victim up to a premium SMS subscription service. 

The App grabs the victims number from the popular cross platform messaging App WhatsApp as per Panda Security.  It states that the App actually steals the number from WhatsApp. Once the victim has both WhatsApp and the Malicious App installed, opening the WhatsApp App lets the malicious app will get the phone number and save it as part of the data it needs to synchronize the account.

This and the other Apps including the ones listed above have been downloaded by more then 1,200,000 users across the globe and more then 300,000 are already hooked up to the premium SMS services without their knowledge.  

“The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, £20 paid by each user would result in a huge sum of 6 to 24 million pound stolen from victims”, said Luis Corrons, Technical Director of PandaLabs.

The only solution for not falling for this kind of Apps is that users must always read the list of permissions requested by apps before installing them. If they find anything looking outwardly suspicious, they should desist from installing the said App. techworm has already published a article about the malicious Flappy Bird App doing a similar thing.  You can read that article here