New Jersey Division of Consumer Affairs, Federal Trade Commission, Reach Settlement with Developer of Mobile App that Allegedly Hacked New Jersey Smartphones with Harmful Malware
NEWARK – In another victory for the security of New Jersey residents’ computers and mobile devices, the New Jersey Division of Consumer Affairs has joined with the Federal Trade Commission in a settlement with the makers of “Prized,” a mobile app that allegedly hacked Android smartphones and/or tablets with harmful malware.
Specifically, the State and the FTC allege that consumers who downloaded Prized onto their devices were also unwittingly downloading malicious software that infected their devices and caused them to “mine” for virtual currencies such as Litecoin, Dogecoin, and Quarkcoin.
But the “mining” process – which is highly strenuous on computers and even more so for smartphones and tablets – allegedly harmed the owners of the infected devices, and had the potential to leave the devices barely functional. The smartphone and tablet owners faced the possibility of increased costs for electricity and data usage; shortened life spans for their devices; and money, time, and effort involved in removing the malware.
The defendants in this matter, Ohio-based app developer Equiliv Investments and Ryan Ramminger, offered the Prized app through websites such as the Google Play and Amazon app stores.
Acting Attorney General John J. Hoffman said, “Consumers downloaded this app thinking that at the very worst it would not be as useful or entertaining as advertised. Instead, the app allegedly turned out to be a Trojan horse for intrusive, invasive malware that was potentially damaging to expensive smartphones and other mobile devices.”
The Division and the FTC today obtained a settlement with Equiliv Investments and Ramminger in the U.S. District Court, District of New Jersey, in which the defendants are prohibited from marketing or selling products that function as malware, and from using misrepresentations in the sale or advertisement of software products.
In addition, the defendants must, for the next 20 years, regularly provide the Division and the FTC with financial, personnel, and other records intended to help ensure their full compliance with the terms of the settlement as well as with the Federal Trade Act and Consumer Fraud Act. The defendants also must pay $5,200 to reimburse the State of New Jersey’s investigative and legal costs. An additional $44,800 payment will be suspended and vacated within three years, provided the defendants comply with the full terms of the Order.
The defendants have removed the Prized app from the Google Play and Amazon App online stores, from Equiliv’s website, and from all third-party app stores. The app is no longer available for download.
Division of Consumer Affairs Acting Director Steve Lee said, “This is not the first case we’ve seen in which a software developer sought to take over privately owned devices, without the owners’ knowledge or consent, to mine for virtual currency. But this case involved smartphones, rather than computers. This creates a potential for far greater damage, since mobile devices have much more limited processing power and often come with more expensive data plans.”
Background on the “Prized” App:
A Complaint, filed in the U.S. District Court by the Division and the FTC, notes that, among other things:
To entice consumers into downloading Prized and its malware, the app purported to enable users to earn points that would be redeemable for prizes such as clothes, accessories, and gift cards.
The app’s description and terms of use said nothing about the possibility that Prized would hack its users’ devices. In fact, Equiliv’s terms of use specifically represented to consumers that Prized and its software “are and will be free of malware, spyware, time bombs, and viruses.”
Despite these representations, Prized contained malware that took control of users’ smartphones or tablets and made them mine for the virtual currencies or “cryptocurrencies” known as Dogecoin, Litecoin and Quarkcoin.
Cryptocurrencies, like traditional money, can be used to purchase goods and services from merchants who choose to accept them as payment. Dogecoin, Litecoin, and Quarkcoin are generated or “mined” through the solving of highly complex algorithms, a process that requires significant amounts of computer processing power.
When a computer is used to mine virtual currency, its available processing power becomes limited. This process may shorten a computer’s lifespan and create increased electricity costs. The effects may be even more damaging for smartphones and other mobile devices, which have less processing power than computers, often use more expensive data plans, and may overheat if forced to perform the complex computing functions required for cryptocurrency mining for a prolonged period of time.
In addition to its use of malware, Equiliv also in many instances failed to provide consumers with the redeemable points that the app promised to deliver.
The Division and the FTC allege that Equiliv’s and Ramminger’s actions constitute violations of the Federal Trade Commission Act and New Jersey’s Consumer Fraud Act.
“Hijacking consumers’ mobile devices with malware to mine virtual currency isn’t just deplorable; it’s also illegal,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “These scammers are now prohibited from trying such a scheme again.”
Deputy Attorneys General Glenn T. Graham and Elliott M. Siebers represented the State of New Jersey in this matter.
Investigator Brian Morgenstern, assigned to the Division of Consumer Affairs’ Cyber Fraud Unit, conducted this investigation.
This case is part of the FTC’s
ongoing work to protect consumers taking advantage of new and emerging financial technology, also known as FinTech. As technological advances expand the ways consumers can store, share, and spend money, the FTC is working to keep consumers protected while encouraging innovation for consumers’ benefit.
The Division of Consumer Affairs enforces the New Jersey Consumer Fraud Act, New Jersey Computer-Related Offenses Act, and other laws that protect New Jerseyans against identity theft, unlawful invasions of privacy, and other computer-related violations.
The Division's
"Cyber Safe NJ" website includes important consumer protection information on "The Basics of Cyber Safety," "Preventing Identity Theft," and "Controlling Your Privacy."
Consumers who believe they have been cheated or scammed by a business, or suspect any other form of consumer abuse, can file an
online complaint with the State Division of Consumer Affairs by visiting its
website or by calling 1-800-242-5846 (toll free within New Jersey) or 973-504- 6200.
Follow the Division of Consumer Affairs on
Facebook , and check our online calendar of upcoming
Consumer Outreach events.
###