
More than 4.8 million app downloads from Google’s marketplace appear to be infected, according to data provided by Kaspersky.
Fraudsters have been counterfeiting official apps to distribute the Harly trojan on Android and then sign victims up for illicit subscriptions.

The latest scare on Android is called the Harly trojan. Kaspersky warns that there are more than 190 counterfeit apps on the Google Play Store, with nearly 5 million infected app downloads.

Fraudsters have counterfeited official apps to distribute the malware and subscribe unsuspecting victims to paid services without their consent.

How does Harly create the subscription?

Simply downloading, opening and running the infected app once allows the Harly Trojan to start collecting information about the device and mobile network.

The smartphone switches to a mobile network, and the trojan then makes a request to the credit card server to set up the list of subscriptions to sign up for.
Once the list is set up, the trojan opens a window that is not directly visible, where it first enters the subscription address and then the user’s phone number,
then selects the buttons needed for the scam and enters the confirmation code from a text message. At that point the game is over: without realizing it, the user starts receiving paid subscriptions.

The Harly trojan is able to sign up for subscriptions even when an SMS code or phone call is protecting the process. The malware even makes a call to an ad hoc number and confirms the subscription.

So, even on official marketplaces, it pays to be cautious: download only apps that are necessary and useful, avoiding, if possible, apps that are only useful for a few hours, and download apps consciously and responsibly. Checking the reputation of the app and of the distribution account before downloading helps prevent problems.

Finally, in case of infection, the user must identify the malicious app. A complete list of apps is available in the Android smartphone's configuration, under Settings – Apps and Notifications – Show all apps. It is essential to delete the app from this list to eliminate the malware. Reinstalling the browser or changing its settings does no good: it does not eliminate the malware.