Tech UPTechnologyBeware: they detect a Trojan that charges you subscriptions...

Beware: they detect a Trojan that charges you subscriptions that you never approved

In recent months they have found all kinds of Despite the surveillance that this platform has, moderators cannot always detect the presence of these apps.

One of the most popular malware in these applications is subscriber Trojans, which register their users to paid services without their knowledge.

An example of malware found on Google Play is Harly. So what is the Harly Trojan? How can you protect yourself from him? Below all the details.

What is the Trojan Harly?

Harly is the latest in a short series of Batman villain-themed malware for Android devices. Joker, an earlier piece of malware, hacked into legitimate-looking apps and downloaded code that allowed it to send expensive SMS messages to premium-rate phone numbers.

Joker’s range was limited; Google removed 11 suspicious apps from the Play Store.

While Joker did have a degree of subtlety in that the applications themselves did not contain the malicious payload, the Harley malware contains all the code it needs and does not rely on a remote command and control server.

Applications containing Harly malware are easy to create, but difficult to detect. Criminals download popular and useful apps from the Play Store, inject their own code, and then re-upload them under a different name.

But behind this scenario, Harly will secretly register your device for expensive subscriptions that are added to your monthly phone bill.

How does the Harly subscriber work?

Most subscription services require SMS verification to take effect, while some go further and require a phone call to an automated phone number before billing your account.

Harly can bypass these steps by opening hidden windows to enter registration details and intercepting SMS messages to enter verification codes. You can even make phone calls.

To do this, Harly must first disconnect his device from Wi-Fi and connect via mobile data.

Security researchers, , have so far identified 190 different Android apps that contain Harly malware. One estimate puts the number of downloads at 4.8 million, although the actual figure may be much higher.

Am I in danger from Harly malware?

At the moment it is known that it is only available in Thailand, however, knowing the scope of the Internet, this malware could migrate to the American continent.

How can I protect myself from Harly Malware on Android?

In the long run, you should be careful about what you install on your Android device.

  • Check the reviews: The first victims of any scam are usually unhappy about it, and when their phone bill arrives, they leave reviews complaining that they’ve been scammed. Pay attention to reviews and avoid any app with low ratings or negative comments.
  • Don’t install unnecessary apps on your device: The more apps you have on your device, the more likely one of them is compromised.
  • Limit your phone bill: Most providers allow you to set a spending limit on your phone bill. It is recommended to take advantage of this benefit to avoid charges for subscription services.

Solve with cybersecurity laws?

When talking about cybersecurity at the country level, we cannot only try to patch up the problem with a law, since it could get out of control by being steamrolled and leaving aside cross-cutting issues.

Cyberattacks grow 600% since the pandemic began

Since the start of the pandemic, when people made more pronounced use of smart devices, hacks have been on the rise.

This you should consider when choosing antivirus for your computer and devices

Online threats are becoming more common and with these tips you can better protect all your devices.

How to protect yourself from apps that leak your data

Meta detected over 400 third-party apps that stole user credentials and data. Google and Apple have already removed them, but we leave you some tips to avoid falling into one of them.

Have you seen these profiles on LinkedIn? Be careful because there are more and...

Some groups that are in charge of detecting these accounts have blocked more than 12,700 so far this year.