200 Google Play Store apps charge for paid services without your consent

Alexander Boero

September 23, 2022 at 5:35 p.m.


Bug Google Play Store © Shutterstock

The Harly Trojan, discovered by Kaspersky, is distributed by nearly 200 Google Play applications with more than 5 million downloads between them, and it signs victims up for paid subscriptions without their consent.

This is not the first time that seemingly legitimate applications have trapped hundreds of thousands, if not millions, of users of Google Play, the official store of the Mountain View firm. This time, Kaspersky experts have announced that they uncovered the Harly Trojan, which managed to evade the platform’s moderators.

Seemingly legitimate apps

Over the past two years, more than 190 apps infected with the Harly trojan have been spotted on Google Play. When put together, they add up to around 4.8 million downloads, although that number could be even higher.

Trojans of the Harly family imitate legitimate applications, insert malicious code into them and then upload them to the Google Play Store under a different name. These applications come with screenshots and descriptions, so the user has no reason to suspect a fake.

Among the roughly 200 imitated applications are mini-games with many variants, translation tools, colored call screens and even flashlights.

The Trojan acts discreetly, without the user’s knowledge

As soon as the user launches the malicious application, the Trojan goes to work and starts collecting information about the victim’s device and mobile network. From there, the smartphone is switched to another mobile network, and the malware asks the C&C server (which, remember, is the discreet communication channel between the device and the platform controlled by the attacker) for the list of subscriptions the victim is to be signed up for.

Harly Trojan apps © Kaspersky

Examples of apps on Google Play containing Harly malware © Kaspersky

Harly then opens the subscription link in a window invisible to the smartphone owner. In that window it enters the user’s telephone number, which it recovered a little earlier, presses the required buttons and then types in the confirmation code received by SMS. Without being aware of it, the user is then signed up for a paid subscription.

What makes Harly particularly effective is that it is able to confirm subscriptions even when they require verification by phone call. In that case the Trojan places a call to a specific number and confirms the subscription.

Infected apps that still work!

For the moderators of the Google Play Store, these applications are all the more difficult to spot because they really do deliver the service promised in their description. The BinBin Flash application, supposedly a flashlight, does in fact have that feature!

According to Kaspersky, this Trojan only works with Thai operators, but other clues suggest that the malware developers are located in China.

A legitimate-looking app shouldn’t deter you from reading reviews © Kaspersky

The advice may seem obvious and of little use, but even when an app has a flattering rating, make a point of reading a reasonable number of user reviews, which often flag illegitimate applications that others have already spotted.
