Poker Player Arrested in Japan, Accused of Ties to Android Malware Operation

Authorities in Japan arrested a well-known professional poker player for his role in an operation that spammed out emails with links spreading Google Android malware.

Masaaki Kagawa, 50, president of Tokyo-based Koei Planning, was among nine people arrested for their roles in the operation, according to Symantec. Kagawa is known as an avid poker player who has won more than a million dollars in competitions worldwide.

“From our observations, the operation began around September, 2012 and ended in April, 2013 when authorities raided the company office,” explained Symantec researcher Joji Hamada. We confirmed around 150 domains were registered to host the malicious apps during this time span. According to media reports, the group was able to collect approximately 37 million email addresses from around 810,000 Android devices. The company earned over 390 million yen (approximately 3.9 million US dollars) by running a fake online dating service called Sakura site in the last five months of the spam operation.”

Spam used to lure victims to the dating site was sent to the addresses collected by the malware, he added. The malware is known as Enesoluty, a Trojan horse for Android device that steals information and sends it to a remote location. Symantec has followed the Enesoluty scam since July of 2012.

“We also believe Android.Maistealer and Android.Enesoluty share common source code with another malware, called Android.Uracto, and that a different group of scammers were maintaining the latter, as the distribution strategy of the malware differs considerably,” Hamada blogged. “It is believed that this other group has yet to be identified, so there will probably be another few twists and turns to this story in the future.”