In a recent investigation conducted by Symantec, it was discovered that this phenomenon is nothing but a scam through a malicious app. Also known as Android.Uracto, this app sends out spam messages by SMS to phone numbers stored in the device’s contacts. Therefore, recipients become easily tricked because the invitation to download the app is coming from a personal contact rather than an unknown sender. Maybe of these victims in Japan were mothers, anime fans, and gamers.
What’s shocking is that there was a subsequent discovery of about ten similar apps that has been developed by the same group of spammers. The servers hosting the domains appeared to be located in Singapore and Georgia in the United States.
The link that was sent to the victims all led to a site that introduces an app called “Infrared X-Ray”. The site explains that this app would allow user to see through clothes when viewed through the device camera and would even allow pictures to be taken. Sadly (or not), the app does not work. However, once executed, details of the user and their contacts would be uploaded to a predetermined server.
Although the apps look different in appearance, they all steal data in the device’s Contacts, steal contact details and then send out SMS messages to all contacts, and even attempts to scam victims into paying for fake services.
It appears that some of the apps may have been around a while. Some of the directory lists of the servers hosting the apps indicate that the apps were hosted on the server as early as July 2012. Although the scam has only been active in Japan, it does not cancel out the possibilities of it going overseas. Therefore, everyone needs to play a part in being a vigilante of keeping up the Internet and mobile security.
Meanwhile, Symantec will still be investigating these malicious apps and will provide an update at a later date.