An Ohio maker of smartphone apps has agreed to settle charges by the Federal Trade Commission (FTC) and the New Jersey attorney general that it lured consumers into downloading a rewards app that turned out to be malicious.
The company, whose app is called Prized, had promised consumers the app would be free of malware. But in fact, the main purpose of the app was to load the consumers’ mobile phones with malicious software to mine virtual currencies for the developer.
The defendants, Equiliv Investments and Ryan Ramminger, began making the Prized app around February 2014 in outlets including the Google Play Store and Amazon App Store. According to the FTC, thousands of consumers downloaded the app under the impression that they could earn points for playing games or downloading affiliated apps and then spend those points on rewards such as clothes, gift cards and other items. Consumers were also promised that the app would not contain malware or viruses.
What consumers got instead, was an app that contained malware that took control of the device’s computing resources to mine for virtual currencies including DogeCoin, LiteCoin and QuarkCoin, according to the complaint.
How did they do it? According to the FTC, virtual currencies are created by solving complex mathematical equations, and the malicious app attempted to harness the power of many users’ devices to solve the equations more quickly, thus generating virtual currency. The use of that power also caused the devices' batteries to drain faster and recharge more slowly, and to burn through consumers’ monthly data plans.
The defendants agreed to a settlement that will permanently ban them from creating and distributing malicious software. "Hijacking consumers’ mobile devices with malware to mine virtual currency isn’t just deplorable; it’s also illegal," stated Jessica Rich, director of the FTC’s Bureau of Consumer Protection.
The complaint also alleged that the defendants violated both the FTC Act and the New Jersey Consumer Fraud Act. In addition to the ban on creating and distributing malicious software, the court order also requires the defendants to destroy any information about consumers that they collected via the distribution of the app.
The FTC and the New Jersey attorney general filed the complaint and order in the U.S. District Court for the District of New Jersey. The settlement also includes a $50,000 monetary judgment against the defendants payable to the state of New Jersey.
The FTC said the case is part of its ongoing work to protect consumers taking advantage of new and emerging financial technology. As new technology increases the number of consumers who can store, share, and spend money, the FTC said it’s working to keep consumers protected while encouraging innovation.
"Consumers downloaded this app thinking that at the very worst it would not be as useful or entertaining as advertised," said acting New Jersey Attorney General John Hoffman. "Instead, the app allegedly turned out to be a Trojan horse for intrusive, invasive malware."