Malicious Android apps steal money by stealthily subscribing users to unknown services
Security company McAfee now reports that a known cybercriminal gang, AsiaHitGroup, is at it again, using a repackaged piece of malicious software that it has used in the past on the Google Play Store.
It's called Sonvpay.C and it gets smuggled aboard the Play Store via a plethora of different innocent-looking apps, such as ringtone creators, flashlights, QR code scanners and the like. And it's a sneaky one to intercept, even if you are a savvy user.
Basically, once on one's phone, the malicious app will, at some point, trigger an "update" notification. However, that's not an update, but a reskinned subscription button, which will instantly sign the user up for an unknown paid service. Unlike previous versions of Sonvpay, this one does not use SMS messages. Instead, it employs WAP billing (an over-the-air data message to a website), which means it can't be seen in the user's message history.
According to McAfee, the scam apps have been used in Kazakhstan and Malaysia, but if Sonvpay detects that the device is not in one of these regions, it'll still try to send off an SMS message to a premium service. Reportedly, the apps have been online since January of 2018, and McAfee calculates that AsiaHitGroup could have made between $60,500 and $145,000 from unsuspecting victims.
Be careful what you download, folks!