Angry Birds malware – Firm fined £50,000 for profiting from fake Android apps

Angry BirdsA firm has been fined £50,000 after Trojan versions of popular Android apps secretly sent expensive SMS messages to premium rate numbers.

UK industry regulator PhonepayPlus uncovered that 1,391 mobile phone numbers in the UK had been stung by the scam, that targeted Android owners who downloaded Trojan horse versions of popular games such as “Angry Birds”, “Assassins Creed” and “Cut the Rope”.

Each time innocent users would start one of the apps it would send three premium rate text messages, costing £15. Charges would continue to mount unless users removed the offending app.

Swift action by the authorities in shutting down the SMS shortcode used by the malware meant that only
£27,850 was taken, and funds were stopped from reaching the bogus app’s developers.

Sign up to our free newsletter.
Security news, advice, and tips.

But, according to PhonepayPlus, the scam wasn’t just targeting smartphone users in Britain, but had also been seen in a total of 18 countries worldwide.

It’s estimated that there were some 14,000 downloads of the malicious apps around the globe.

A1 Agregator Limited ran the premium rate payment system used by the malware to fraudulently charge consumers’ smartphones.

A1 Agregator's website

As well as the firm being fined £50,000, it has also been ordered to directly refund all consumers within three months, regardless of whether they complained or not. In addition, the company has been barred from launching any other premium rate services in the UK without the permission of PhonepayPlus.

Android marketSophos experts have seen a rising trend for malware to be distributed in the form of bogus Android apps, hellbent on earning money from expensive SMS services or allowing the installation of further malicious code.

Recent examples have included false versions of Angry Birds Space, Instagram and even fake Android anti-virus products.

Earlier this year, PhonepayPlus fined two companies £100,000 each after they created typosquatting websites, posing as Twitter and Wikipedia, and tricked visitors into signing up for a premium rate mobile phone service.

It’s good to see more action being taken against those who try to hit smartphone users where it hurts – in the pocket.

But this shouldn’t just be about relying upon the authorities for protection.

For instance, be sure to check the permissions that an app requires when you install it on your Android. Does it have a legitimate reason to ask for them? If you don’t see why it requires permission to send SMS messages, be cautious.

Logastrod permissions

You can further increase your chances of keeping your Android smartphone defended by installing Sophos’s free anti-virus protection for Android.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.