Harly, malware on Google Play that can clean out your bank account

Published on Sep 28, 2022 11:28 AM IST

According to Kaspersky, more than 190 apps infected with this Trojan have been found on the Google Play Store. According to the report, these infected apps have 4.8 million downloads, and the experts believe the numbers could be higher.

The Harly Trojans download ordinary apps from Google Play, insert malicious code into them and then upload them to Google Play under a different name. (Representational Image)

Cybersecurity experts have warned of new malware that can drain users' bank accounts by signing them up for paid subscriptions without anyone getting wind of it.

Cybersecurity firm Kaspersky in its blog has delved deeper into this Harly malware, named after the sidekick of a well-known comic villain. It is similar to the Jocker Trojan and imitates legitimate apps.

According to Kaspersky, more than 190 apps infected with this Trojan have been found on the Google Play Store. According to the report, these infected apps have 4.8 million downloads, and the experts believe the numbers could be higher.

So how do these Trojans work? They download ordinary apps from Google Play, insert malicious code into them and then upload them to Google Play under a different name. These apps may still have the same features that are listed in the description, and thus escape suspicion.

Kaspersky states that Harly Trojans contain the whole payload within the app and use different methods to decrypt and launch it. Harly collects information about the user's device when it begins to download the malicious app. The user's phone then switches to the mobile network, and the Trojan asks the C&C server to configure the list of subscriptions that must be signed up for.

According to the blog, this Harly Trojan works with Thai operators. It checks the mobile network codes, the unique identifiers of the network operators, to make sure they are Thai.

The Trojan then opens the subscription address in an invisible window and, by injecting JS scripts, enters the user's phone number, taps the required buttons, and enters the confirmation code from the text message. The user gets a paid subscription without being aware of it.

The Harly Trojan can subscribe not only when the process is protected by a text message code but also when it is protected by a phone call. Here, it makes a call to a specific number and confirms the subscription.

To protect yourself from such Trojans, read the user reviews and check the app's rating on Google Play before installing it. It is also suggested to install internet security software on your personal computer or laptop.
