The Federal Trade Commission (FTC) along with the New Jersey Attorney General have settled charges with a developer who created a mobile “rewards” app that in actuality hijacked users’ phones in order to mine cryptocurrencies.
According to a complaint filed by the United States District Court for the District of New Jersey, Ryan Ramminger, the CEO of Equiliv Investments, created an Android app called “Prized” that offered points to those who downloaded the app and who then either played games or installed other affiliate applications.
Users could ultimately redeem these points for “prizes,” such as clothes, accessories, and gift cards.
However, upon downloading the app, consumers unknowingly installed malicious software that took control of the computing resources of their mobile devices in order to mine for various cryptocurrencies, including Bitcoins, Dogecoins, and Litecoins.
This misrepresentation led to thousands of downloads from the Google Play Store, the Amazon App Store, and additional mobile marketplaces. Once activated, the app drained users’ device batteries and consumed their mobile data, which might have caused some victims to incur fees if they went over their monthly data limits.
“Consumers downloaded this app thinking that at the very worst it would not be as useful or entertaining as advertised,” said Acting New Jersey Attorney General John J. Hoffman in a statement released by the FTC. “Instead, the app allegedly turned out to be a Trojan horse for intrusive, invasive malware that was potentially damaging to expensive smartphones and other mobile devices.”
As part of the settlement, Ramminger and his company have agreed to never produce any mobile apps that, among other things, exchange cryptocurrencies or seize computing resources without a user’s prior authorization.
They also will be required to pay $5,200 as long as they comply with the judgment. If they don’t, an additional fine of $44,800 will be demanded of Ramminger and Equiliv in the future.
According to Helen Wong, an attorney with the FTC’s Division of Financial Practices, this is the first instance in which the FTC has gone after malicious activity originating in a mobile app.
Given its novelty, I hope this case sets an example.
Apps like “Prized” are dangerous not only because they misrepresent themselves to consumers but also because they cost users’ time, resources, and money. These types of applications do not belong in our app stores, and it would appear the FTC agrees.
Let’s therefore call this story for what it is: a warning.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.