How cybercriminals defraud freelancers

July 5, 2016

When it comes to theft, cybercriminals usually use malware: ransomware, banking Trojans, viruses, and other such means. But sometimes, a good story and some perfectly legal software may be enough for them to accomplish their goals. For example, some crooks have been using AirDroid — a powerful app for remote smartphone management — to steal money from freelancers.

How cybercriminals defraud freelancers

The scheme is simple. Criminals start by finding a potential victim on a website where employers look for freelancers and freelancers look for work. A crook claims to be an employer in search of a specialist for a simple project. Usually, they advertise for testers, designers, or copywriters, but the approach can be used to fool other types of freelancers as well.

Once they’re in contact, the criminal asks the freelancer to install an app needed for the job — to write a review, draw an icon, or test new features, for example. The majority of cases we are aware of involved AirDroid, a legitimate app for remote management of mobile devices.

The link leads to the official Google Play store — and so even a suspicious freelancer would not see signs of phishing or any other kind of cheating. Once the app is installed, the criminal sends login and password credentials for a test account. It’s not uncommon for clients to share data with freelancers, so everything still looks OK. The victim logs in with the provided credentials, and boom, the criminal has full control over the freelancer’s device.

If that compromised device has a mobile banking app, criminals can transfer money out. They can lock the phone and demand ransom for restoring it to working order. They can also dig into personal messages and photos — perhaps finding something worthy of blackmail. All in all, that smartphone is a goldmine for the criminal.

There is even a detailed manual (for ethical reasons, we won’t link to it) that explains how to defraud people with the help of AirDroid. And yet, the app is guilty of nothing at all — it’s a legal, fully functional, and easy to use program that gives users remote access to their own devices. Unfortunately, it’s so useful that it’s always on criminals’ radar.

The company published a warning on the app’s Russian page on Google Play (for this type of scam, criminals hunt for freelancers mainly on Russian sites, but it can easily be implemented anywhere in the world) that warns people not to use any accounts but their own, to minimize the risk of sharing their personal data with account owners. Developers know about this fraudulent activity, and they are trying to solve the problem. Unfortunately, people are rarely careful about what they’re installing — and who reads an app’s full description?

When you seem to be giving up your information deliberately, no antivirus can protect you. Security solutions were designed to fight viruses and Trojans, but AirDroid is a legitimate app created to perform tasks that are perfectly legal. It has high Google Play rating, and for good reason. The problem is that criminals also like the app. In such cases, the only way to protect yourself is to understand how they work.

Of course, AirDroid is not the only remote-access app, and therefore it is not unique in being used by scammers. Criminals often make use of remote access software such as Teamviewer and other similar solutions. You need to be very cautious every time you install an app or program on your laptop or mobile phone, even if it’s at the request of a client — and especially if the request comes from an unsolicited “Microsoft representative” or some “technical support service.”

Social engineering subverts security software, which is why we often write about such schemes on Kaspersky Daily. You need to know how criminals defraud people and how to stay safe. You can follow our news on Twitter and Facebook. Keep up — alert today is alive tomorrow.