Monday, July 2, 2018
Malicious Android apps steal money by stealthily subscribing users to unknown services
Despite the fact that both Google and Apple take great care to make sure the Play Store and App Store are safe, secure, and the absolutely the only place you should be getting your apps, sometimes, some malicious software makes its way through the cracks.
McAfee security company now reports that a known cybercriminal gang — AsiaHitGroup — is at it again, using a repackaged piece of malicious software that it has used in the past on the Google Play Store.
It's called Sonvpay.C and it gets smuggled aboard the Play Store via a plethora of different innocent-looking apps, such as ringtone creators, flashlights, QR code scanners and the like. And it's a sneaky one to intercept, even if you are a savvy user.
Basically, once on one's phone, the malicious app will — at some point — trigger an "update" notification. However, that's not an update, but a reskinned subscription button, which will instantly sign the user up for an unknown paid service. Unlike previous versions of Sonvpay, this one does not use SMS messages. Instead, it employs WAP billing — an over-the-air data message to a website —, which means it can't be seen in the user's message history.
According to McAfee, the scam apps have been used in Kazakhstan and Malaysia, but if Sonvpay detects that the device is not in one of these regions, it'll still try to send off an SMS message to a premium service. Reportedly, the apps have been online since January of 2018 and McAfee calculates that AsiaHitGroup could have potentially made between $60,500 and $145,000 from unsuspecting victims.
Be careful what you download, folks!