Over a dozen malicious Android apps designed with the intention of performing billing fraud have infected at least 50,000 devices, McAfee said in its cyber-security report. With the reach of Android surpassing over a billion devices and being used globally, hackers and other ill-natured actors have been developing new tools to steal money from unsuspecting users.
In its report, McAfee says its cyber-security experts have been tracking a group of hackers called “AsiaHitGroup Gang” for sometime now and are estimating it has been active since at least late 2016. McAfee claims the team returned with a repackaged version of one of its installer apps named “Sonvpay.C” which delivers fake update notifications and tricks consumers into subscribing to premium services.
The report further adds that the unsuspecting victims of the app end up thinking that they are confirming an app update when presented with the prompt triggered by Sonvpay.C’s dialogue and the original version is estimated to have scammed at least 20,000 people. McAfee notes that its original target audience were from Malaysia and Thailand.
The scam has been successful because it is based on WAP billing and there is no need to send SMS messages to premium-rate numbers. McAfee’s cyber-security team estimates the hackers to have earned between $60,500 and $1,45,000 since restarting their scam in January of this year. Google has proactively removed most of the app detailed by McAfee in the first half of April, reports Android Headlines.
Watch: Everything you need to know about Oppo Find X
The original version of the scam relied on fraudulent SMS messages and later embraced WAP billing and the latest version of the phishing scam uses silent app notifications to avoid detection. This is not the first time that malicious apps have used Google Play as a platform to steal money from users. Google has been removing such fraudulent apps on a regular basis and has even added Play Protect to protect users on its platform but new apps keep populating over time.