Immediapress / Kasperky: Malicious campaign in Google Play Store – Trojan Harly subscribes users to unwanted paid services via apps with nearly 5 million downloads

Milan, September 22, 2022. Kaspersky researchers recently discovered a malicious campaign in the Google Play Store with over 4.8 million downloads of infected applications. Over the past two years, scammers have counterfeited more than 190 legitimate applications, from flashlights to mini-games, to distribute the Harly Trojan and subscribe users – without their consent – to paid services. Once the application is opened, the Trojan starts collecting information about the device and the mobile network. The phone switches to a mobile network and then the Trojan asks the C&C server to configure the list of subscriptions that need to be subscribed. The Trojan opens the subscription address in an invisible window, enters the user’s phone number, selects the required buttons and enters the confirmation code from a text message. The result is that the user receives paid subscriptions without realizing it. Another important feature of this Trojan is that it can subscribe not only when the process is protected by an SMS code, but also when it is protected by a phone call: the Trojan makes a call to a specific number and confirms the subscription. The Kaspersky team contacted Google and reported the presence of malicious applications in Google Play. “Even though the official stores are carefully vetted, moderators don’t always manage to spot these apps before they’re released. With these apps it is even more difficult to recognize a potential threat, because they really do everything that is proposed. Reading user reviews can help, but they could also be magnified; for this reason we strongly recommend users to install a reliable security solution that prevents downloading of dangerous programs, ”commented Tatyana Shishkova, Kaspersky Security Expert. For more information on the Harly Trojan, you can consult Kaspersky Daily. To protect yourself from malicious apps, Kaspersky experts recommend: • Do not download mods from suspicious sites or pirated software. Cybercriminals are well aware of people’s desire to have everything for free and exploit it through malware hidden in cracks, cheats and mods. • Install an antivirus solution on your phone such as Kaspersky Internet Security for Android • Do not disable the antivirus when playing games. Kaspersky Security Cloud prevents antivirus from consuming too many system resources while playing. It has no impact on performance or frame rate, but still takes care of security. • Reinstalling the browser or changing the settings does not eliminate the malware. First, the user needs to identify the malicious app. The device will display a full list of apps in settings (Settings – Apps and notifications – show all apps). It is important to delete the app from this list to eliminate the malware. • Install applications responsibly. Check the reputation of the application and the distribution account before downloading it. About Kaspersky Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep expertise in threat intelligence and security is constantly being transformed into innovative solutions and services to protect businesses, infrastructures critics, governments and users around the world. The company’s broad portfolio of security solutions includes industry-leading endpoint protection and a range of specialized solutions and services to combat sophisticated and evolving digital threats. More than 400 million users are protected by Kaspersky technologies and we help 240,000 corporate customers protect what is most important to them. For more information: https://www.kaspersky.it/ Follow us on: https://twitter.com/KasperskyLabIT http://www.facebook.com/kasperskylabitalia https://www.linkedin.com/company/kaspersky -lab-italia https://www.instagram.com/kasperskylabitalia/ https://t.me/KasperskyItalia Immediapress is a service for the dissemination of press releases in original text drawn up directly by the issuing body. Adnkronos and Immediapress are not responsible for the contents of the press releases transmitted