Actually, Google checks its apps in the Google Play Store with its own scan service Google Protect, which also automatically checks the apps for malware on every Android device. Kaspersky proves that this does not always work: 190 infected apps were distributed 4,8 million times. They spread the Harly Trojan, which can also quickly end up on a company cell phone.
Kaspersky cybersecurity experts have identified a malicious campaign on the Google Play Store with a total of more than 4,8 million downloads of infected applications. Over the past two years, cybercriminals there have impersonated more than 190 legitimate applications - from flashlight apps to mini-games - to distribute the Harly Trojan and subscribe users to paid services without their consent.
Trojan collects device info
As soon as a user starts a corresponding app, the Trojan begins to collect information about the device used and its mobile network. The subject's smartphone then switches to a different mobile network, whereupon the Trojan visits their C&C server to configure the list of subscriptions that require a login. Then the trojan opens the address of the respective subscription in an invisible window and enters the user's already received phone number, taps on the required buttons and inserts the confirmation code from a text message. This leads to the user becoming a customer of paid subscriptions without realizing it.
Another notable feature of this trojan is that it can register not only if the operation is protected by an SMS code, but also if it was secured by a phone call: the trojan calls a specific number and confirms the registration.
Google has already been informed
The Kaspersky team contacted Google based on these findings and warned against malicious apps stored in Google Play.
"Even though official app stores are carefully monitored, the moderators working there are not always able to identify these malicious apps before they are released," said Tatyana Shishkova, security researcher at Kaspersky. “Applications of this type make it even harder to spot a potential threat because they do whatever is suggested. Reading user reviews can help, although it's not always a guarantee of security. Therefore, Kaspersky strongly recommends users to install a reliable security solution that prevents the download of dangerous programs.”
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/