Mobile security software company Lookout was hot on the trail of a set of Russian malware distributors — and was surprised to find that the biggest groups responsible were as neatly and effectively organized as a small tech business.
Don't get paranoid just yet: Lookout explained to NBC News in an email that this type of fraud isn't nearly as common here: "It appears that they've cut back on targeting [Western] countries because they're having more success in Russia and the Eastern bloc. In the past we've even seen SMS fraud targeting the U.S. and western Europe," they wrote.
The way it works is this: an unscrupulous or merely curious Android user searches for free games or apps on his or her phone, and follows a resulting link to a legitimate-looking landing page. After agreeing (often without knowing it) to a terms of service, they are served up a malware application that scams money by fraudulently sending premium SMS messages — special texts used to purchase ringtones or sign up for a service.
Thousands of Twitter accounts and fake websites are set up to lure unwitting users, but when Lookout followed the thread a bit further, they found that many led back to a few surprisingly professional-looking organizations.
From their official websites, productivity contests, and easy-to-use tools, at first glance one might guess these malware operators were legitimate software developers or advertisers. And in effect, that's exactly what these malware HQs are: small startups raking in cash thanks to the booming mobile sector. It just happens that the business they make their money through is fraud.
Affiliates sign up for the site as if they were joining a forum or freelance contractor website. A user-friendly, step-by-step process helps them create fake webpages and design and submit malware-toting apps, and it makes the latest virus-scan-avoidance software available to them.
Meanwhile, the malware makers register dozens or hundreds of fake accounts on Twitter and other networks — out of almost a quarter-million accounts analyzed by Lookout, over 50,000 were puppet accounts linking to malware.
Just 10 of these malware HQ organizations account for 60 percent of the SMS fraud Lookout tracked in Russia. Such scams don't usually affect the U.S. or western Europe, but it's not unheard of.
Twitter shuts down such accounts when it finds them, and malicious apps are removed from Google's Play Store whenever detected, but are these big organizations being raided or shut down now that they've been outed?
"We generally don't comment on ongoing investigations like this one," wrote Lookout. "However, in past investigations that are now closed, we have contacted authorities."
Even so, it's little comfort when the groups out there are so well-organized and well-staffed. Your best bet is to stick to well-known websites and only download apps from stores you trust. The problem may not be going away just yet, but consumers can avoid it — with a little discretion.
Devin Coldewey is a contributing writer for NBC News Digital. His personal website is coldewey.cc.