Over 190 apps from the Google Play Store have been identified by Kaspersky researchers as being fakes of legal applications that trick users into downloading and installing them in order to sign them up for unwanted paid services.
More than 190 Android applications with more than 4.8 million downloads in the Google Play Store were utilized in this malicious operation, but they have already been taken down following a warning from the cybersecurity firm Kaspersky.
In order to deceive users into downloading and installing them on their mobile device, some “apps” were posed as real applications that offered flashlight services, phone book, calls, or mini-juices, according to a press statement.
deployed the Trojan Harly after it had been set up, which unintentionally changed the mobile network and made contact with a C&C server to create a subscription list and add the victim’s phone number to it.
This enrollment in payment services required dialing a phone number that the Trojan made in the background, out of sight of the user, and entering a confirmation code that was sent to them by SMS.
This campaign has been successful in part because of “people’s passion for everything free,” which hackers are aware of and exploit by hiding malware in cracks, tricks, and mods.
For this reason, Kaspersky urges users to avoid downloading “mods” from dubious sources or illegal “software,” and emphasizes the necessity of installing an antivirus program on their phone, particularly one that doesn’t automatically turn off when playing video games.