![]() The Harly Trojan can subscribe not only when the process is protected by a text message code but also when it is protected by a phone call. The user gets a paid subscription without being aware of it. The Trojan then opens the subscription address in an invisible window and by injecting the JS scripts enters the users' phone number, taps the required buttons, and enters the confirmation code from the text message. It checks the mobile network codes, the unique identifiers of the network operators to make sure they are Thai. The user's phone then switches to the mobile network and then the Trojan asks the C&C server to configure the list of subscriptions that must be signed up for.Īccording to the blog, this Harly Trojan works with Thai operators. The Harly collects information about the users' device when it begins to download the malicious app. Kaspersky states that Harly Trojans contain the whole payload within the app and use different methods to decrypt and launch it. These apps may still have the same features that are listed in the description, and thus escape suspicion. So how do these Trojans work? They download ordinary apps from Google Play, insert malicious code into them and then upload them to Google Play under a different name. According to report, these infected apps have 4.8 million downloads, and the experts believe the numbers could be higher. It is similar to the Jocker Trojan and imitates legitimate apps.Īccording to Kaspersky, more than 190 apps infected with this Trojan have been found on the Google Play Store. Cybersecurity experts have warned of a new malware which can drain users' bank accounts in the form of signing up for paid subscriptions without anyone getting the wind of it.Ĭybersecurity firm Kaspersky in its blog has delved deeper into this Harly malware, named after the sidekick of a well-known comic villain.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |