Over a dozen malicious Android apps devised to perform billing fraud infected at least 50,000 devices this spring, cybersecurity company McAfee found. As digital security technologies constantly evolve, so do hackers and other malicious actors trying to come up with new ways to steal money from unsuspecting victims, with toll fraud being the latest emergent trend in the industry. McAfee’s cybersecurity experts have been tracking the so-called “AsiaHitGroup Gang” for some time now and estimate it has been active since at least late 2016. This January, the group returned with a repackaged version of one of its installer apps, “Sonvpay.C”, which delivers fake update notifications that trick consumers into subscribing to premium services.
Unsuspecting victims of the app would think they’re only confirming an app update when presented with one of Sonvpay.C’s update dialogues, with the original version of the app attempting to scam at least 20,000 people out of their money. The majority of its original target audience was from Malaysia and Thailand, as per the same report. The scam is successful because it’s based on WAP billing, meaning no SMS messages have to be sent to premium-rate numbers. Instead, victims only need to tap a malicious dialogue box on a specific website to unknowingly sign up for an expensive service that doesn’t do anything but take their money on a weekly or monthly basis. McAfee’s cybersecurity team estimates the hackers earned between $60,500 and $145,000 since restarting their scam in January.
The majority of the apps listed below were removed from the Play Store in the first half of April after McAfee identified their malicious activities and notified Google about them. Compared to the original scam that relied on fraudulent SMS messages and later embraced WAP billing, the latest version of AsiaHitGroup’s malware uses silent app notifications to avoid detection. Malicious Android apps have been a major issue since the very beginnings of Google’s mobile ecosystem, and while the Alphabet-owned company has become better at detecting them over time, new ones continue to emerge on a regular basis.