Harly, a malware on Google Play that can clean up your bank account - Hindustan Times
close_game
close_game

Harly, a malware on Google Play that can clean up your bank account

Sep 28, 2022 11:28 AM IST

According to Kaspersky, more than 190 apps infected with this Trojan have been found on the Google Play Store. According to report, these infected apps have 4.8 million downloads, and the experts believe the numbers could be higher.

Cybersecurity experts have warned of a new malware which can drain users' bank accounts in the form of signing up for paid subscriptions without anyone getting the wind of it.

Cybersecurity firm Kaspersky in its blog has delved deeper into this Harly malware, named after the sidekick of a well-known comic villain. It is similar to the Jocker Trojan and imitates legitimate apps.

According to Kaspersky, more than 190 apps infected with this Trojan have been found on the Google Play Store. According to report, these infected apps have 4.8 million downloads, and the experts believe the numbers could be higher.

So how do these Trojans work? They download ordinary apps from Google Play, insert malicious code into them and then upload them to Google Play under a different name. These apps may still have the same features that are listed in the description, and thus escape suspicion.

Kaspersky states that Harly Trojans contain the whole payload within the app and use different methods to decrypt and launch it. The Harly collects information about the users' device when it begins to download the malicious app. The user's phone then switches to the mobile network and then the Trojan asks the C&C server to configure the list of subscriptions that must be signed up for.

The Harly Trojans download ordinary apps from Google Play, insert malicious code into them and then upload them to Google Play under a different name(Representational Image)
The Harly Trojans download ordinary apps from Google Play, insert malicious code into them and then upload them to Google Play under a different name(Representational Image)

According to the blog, this Harly Trojan works with Thai operators. It checks the mobile network codes, the unique identifiers of the network operators to make sure they are Thai.

The Trojan then opens the subscription address in an invisible window and by injecting the JS scripts enters the users' phone number, taps the required buttons, and enters the confirmation code from the text message. The user gets a paid subscription without being aware of it.

Now catch your favourite game on Crickit. Anytime Anywhere. Find out how

The Harly Trojan can subscribe not only when the process is protected by a text message code but also when it is protected by a phone call. Here, it makes a call to specific number and confirms the subscription.

To protect yourself from such Trojans, before installing an app you should first read the user reviews and check its rating on Google Play. It is also suggested to install an internet security software on your personal computer or laptop.

Unlock the power of data-driven insights with IIT Delhi's Data Science & Machine Learning Certificate Program! Click here to know more.

See more

SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Sunday, June 16, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On