Despite the fact that both Google and Apple take great care in making sure their app stores are secure, it is very difficult to achieve in the end. Especially in the case of Android. The platform is usually the epicenter of all kinds of threats that endanger the security of its users. The latest malicious software to break through bears the stamp of a well-known cybercriminal gang: AsiaHitGroup.
It was the security company McAfee that discovered the threat. Dubbed Sonvpay.C, it sneaked into the Play Store through fifteen innocent-looking apps. Such as ringtone makers, flashlights, QR code scanners, and the like. It is difficult to discover, even if you are a very attentive user.
Basically, once the infection has occurred and is inside the phone, the malicious application warns at some point with an “update” notification. However, it is not an update, but a redesigned subscription button, which instantly registers the user with an unknown payment service. Unlike previous versions of Sonvpay, this one does not use SMS messages. Instead, it uses WAP billing, which means it can't be seen in the user's message history. In this way, thefts occur silently and without the user having the slightest knowledge that they are occurring. At least until he enters his bank account and sees that he is short of money.
According to McAfee, scam apps have been used in Kazakhstan and Malaysia, although if Sonvpay detects that the device is not in one of these regions, it still tries to send an SMS message to a paid service. As the security company itself has reported, the applications have been online since January 2018. McAfee estimates that AsiaHitGroup could potentially have earned between € 52,300 and € 168,000 in exchange for unsuspecting victims. As we always recommend, to avoid any type of malware, always keep your mobile updated with the latest security updates. Also, install a reliable antivirus, such as G Data Internet Security or McAfee Mobile Security.
