Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Mobile & Wireless

Android ‘One-Click’ Scammers Changing Tactics: Symantec

Researchers at Symantec say one-click fraud scams targeting users on Google Play have added some new steps to their dance with Google Android users.

Researchers at Symantec say one-click fraud scams targeting users on Google Play have added some new steps to their dance with Google Android users.

“Because of the success the scammers appear to be having, it seems a new player has come along to try their luck on the market,” Symantec researcher Joji Hamada blogged. “The new scam is a variation on the typical one-click fraud we see in Japan.”

“The new type not only requires clicks, but it also requires users to send an email in order to register to become a member of a service, call a given phone number to acquire a password, and enter the password to log into the fraudulent site,” he continued. “That’s quite a bit of work to get through just to be scammed. Once the user successfully logs into the site, they are charged an annual fee of 315,000 yen, which is equivalent to approximately US$3,150, for watching online adult videos without any obvious prior warning of the fee.”

During the past seven months, one-click scammers have published more than 1,200 suspicious applications on the Google Play app store, according to Hamada. Most were taken down the same day they were published, while others were able to persist undetected for a few days.

In one instance, users who download and opened a particular app caused the browser to open an adult video site. If the user tries to play a video, they are required to register to become a member. Afterwards, the site returns an email with a link. Clicking on that takes the user to yet another service on a different site, Hamada explained.

“This time when a video is selected, the user is asked to enter a password to log in,” he wrote. “Clicking on ‘confirm password’ prepares the phone to make a call to a pre-determined number.”

“When the call is made to this number, an automated message tells the user the password,” he continued. “After logging into the site with the given password, a page appears on the browser informing the user of the registration details as well as notifying them of a whopping 315,000 yen annual fee due in three days.”

Advertisement. Scroll to continue reading.

There is a hidden link to an end user licensing agreement on the page where the password is entered. The link is in the sentence that states that only adults were allowed to use the site, and is “very faint” compared to other text on the page, Hamada wrote.

“Because these apps only launch the browser to open certain sites, which request users to take additional steps to reach the final destination, it can almost be impossible for any system to confirm anything malicious about these apps,” he added. “The manual steps required in this scam is another strategy used to keep the apps on the market as long as possible.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.