Scamware Using Google Popup Found In Play Store


Phishing attacks that prey on unsuspecting users who don't check URLs or fall for fake popups are nothing new, but now a scam that uses Google's own payment confirmation popup to get money from unwary users has appeared in the Play Store. Though the app in question, Pingu Cleans Up, is gone now, the type of scam it used could potentially be employed by any app without having to do any extra work to fool Google Play Protect. The app pops up two dummy confirmation windows that are completely safe, then a third that's meant to be clicked through absentmindedly, likely by an exasperated user who just wants to get into the game. That third popup, however, is a weekly payment confirmation. Affected users should know that Google has already canceled all payments, so no further action needs to be taken. If you made a payment and unlocked the app, it is safe to continue using it if you really want to, but for obvious reasons, you shouldn't expect any updates. If the game contains any more paywalls further in, you also won't be able to get past those.

The scam makes use of an interesting concept in human psychology. Known as operant conditioning, it was used to an extent in the famous Flappy Bird; users were essentially conditioned into a tap pattern that took them from failing straight to booting up a new game, which led to them clicking on ads by accident and earned the app's creator higher-tier ad payments. Here, users are conditioned in short order to tap through the confirmation dialogs, but the third one triggers a payment subscription. The inherent trust inspired by using Google's own popup helps the process along. If you have a password set up for payments or don't have any payment information set up, this type of scam is far less likely to catch you. This particular scam fits into a larger category normally used for phishing attacks, known as social engineering.

As of this writing, Google has yet to say anything about this sort of attack. It is able to reach unsuspecting users because, on the technical side, it does not break any rules, though attempting to take advantage of or defraud users certainly does violate the Play Store's terms of service. The moral of this story is one that's common to hear on the internet: keep your wits about you, and always pay attention to detail, no matter how trustworthy something seems.


Copyright ©2018 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world. Contact him at [email protected]