Although in Spain both media outlets such as EL ESPAÑOL – Omicrono and professionals recommend installing applications from official stores, the truth is that it is sometimes difficult to avoid cybersecurity threats even there. There have already been cases of millions of devices infected by apps present on Google Play, and the Kaspersky antivirus team has discovered yet another.
In a security report, the firm has discovered a new Trojan that subscribes you to paid services. Nicknamed ‘Harly’, it is similar to a well-known Trojan called Jocker and works in the same way: it subscribes the victim to hugely expensive paid services without their knowledge.
The Trojan has been found in more than 190 apps on the Google Play Store. Between them, these apps accumulate a worrying number of downloads: 4.8 million, at least as far as the Kaspersky team has been able to determine, so the figure could be even higher.
Beware of this Trojan
The modus operandi of this Trojan (or rather of these applications) is to publish fake apps that imitate much more popular ones. The hackers download ordinary applications from the Google Play Store, insert the malicious code into them and re-upload them to the store, changing certain details so as not to alert the original developers.
These applications are usually well presented, so that users have no reason to doubt them: elaborate descriptions, screenshots (usually belonging to the original applications they imitate) and flashy icons.
Trojans like Jocker obtain their malicious code directly from C&C servers owned by the fraudsters in question, as Kaspersky explains. Harly, however, works completely locally; the application itself already contains the payload it needs and uses “different methods to decrypt and execute it”. Typically, these apps have comments from affected users reporting the scam.
Harly is in charge of obtaining all the information on the device, especially about the victim’s mobile operator and mobile network. The mobile network is changed to another and the Trojan asks the C&C server in question to configure the subscriptions for which the device should register.
It only works with Thai operators, so it checks mobile network codes (MNC) to determine that they are from Thailand. In this case, a code from the China Telecom operator is used, implying that the hackers come from China.
Once the procedure has been carried out, the user ends up signed up for a subscription at a very high price, and this happens both via SMS and via phone call. These subscriptions can be confirmed by means of a telephone call; the Trojan makes the call to confirm the subscription, again, without the user knowing.
Of course, it is normal to doubt stores like Google Play after they have hosted these applications, even though they are trusted distributors compared to other platforms. They are not perfect, so it is important to pay close attention to the applications you download: whether they are verified, whether they have good reviews and whether you really need what they offer.