![play-app-with-100k-downloads-booted-for-forwarding-texts-to-developer-server-[ars-technica]](https://i0.wp.com/upmytech.com/wp-content/uploads/2022/12/98943-play-app-with-100k-downloads-booted-for-forwarding-texts-to-developer-server-ars-technica.jpeg?resize=760%2C380&ssl=1)
Play app with 100K downloads booted for forwarding texts to developer server [Ars Technica]
Enlarge (credit: Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images)
Google has removed two apps, one with more than 100,000 downloads, after receiving a report they were part of an illegal scheme that surreptitiously forwarded text messages that were used to create fraudulent accounts on third-party websites.
The first app, named Symoo, billed itself as an easy-to-use SMS messenger. Once installed, it would ask for the user’s phone number and then pretend to load the application. The app would then hang on the screen while, in the background, it copied every text received and sent it to goomy[.]fun, a website controlled by the developer.
The screen would hang indefinitely, so eventually many users would likely force-quit the app and uninstall it. During the time Symoo was running, however, the developer would use the number for a fee-based service that registered fake accounts on sites that require SMS-based verifications. While the app was running, the service would register accounts using the infected phone’s number and then copy the verification code returned by the site. Besides sending texts associated with the fake account creation, Symoo forwarded any texts the infected phone received from other parties.
Read 6 remaining paragraphs | Comments