What Is Harly Malware on the Google Play Store?
It’s a common misconception that if you exclusively use Google’s Play store to install apps onto your Android phone, the company will keep you safe from criminals and scammers who are desperate to steal your money. The reality is that, while it’s possible for Google to check the behavior of all Play Store apps, it doesn’t. Millions of devices could be affected by malware.
One such example of malware found on Google Play is Harly. So what is the Harly Trojan? How can you protect yourself from it?
What Is the Harly Trojan Subscriber?
Harly is the latest in a short series of Batman villain-themed malware for Android devices.Joker, an earlier piece of malware, was shoehorned into legitimate-looking apps, and would download code allowing it to send expensive SMS messages to premium rate phone numbers.
The reach of Joker was limited; Google removed 11 suspect apps from the Play store.
While Joker possessed a degree of subtlety, in that the apps themselves didn’t contain the malicious payload, the malware named after his fictional girlfriend (i.e. Harley Quinn) contains all the code it needs, and doesn’t rely on a remote command and control server.
Apps containing the Harly malware are easy to create, but hard to detect. Criminals downloadpopular and useful apps from the Play store, inject their own code, then re-upload them under a different name. The apps work like they should: a strobing flashlight app will transform your student accommodation into a disco, and voice changers let you sound like Arnold Schwarzenegger.
But behind the scenes, Harly will secretly sign up your device for expensive subscriptions which are added to your monthly phone bill.
How Does the Harly Trojan Subscriber Work?
Most subscription services require SMS verification in order to take effect, while some go further and demand a phone call to an automated phone number before billing your account.
Harly can sidestep these steps by opening hidden windows to enter sign-up details, and intercepting SMS messages for enter verification codes. It can even make phone calls.
In order to do this, Harly must first disconnect your device from Wi-Fi, and connect through mobile data.
Security researchers,Kaspersky, have so far identified 190 different Android apps containing the Harly malware. A conservative estimate puts the number of downloads at 4.8 million—although the true number may be far higher.
Am I in Danger From the Harly Malware?
Unless you live in Thailand, you’re probably not in immediate danger. As far as is currently known, Harley is only configured to work with local Thai telecoms providers. However, if the criminals decide to reconfigure Harly to work with cell companies in the US or Europe, it would be a trivial change to make.
How Can I Protect Myself From Harly Malware on Android?
In the long term, you should take care with what you install on your Android device.
Harly: Just the Latest Malware Distributed Through Google Play
Cybercriminals are always looking for ways to get their wares onto your devices and your money into their pockets. For them, Google is the gift that just keeps on giving. As the dominant mobile operating system, even a small degree of success can mean millions of dollars for criminals. Keeping your Android device safe is your responsibility.
Looking for an iPhone or Android device? Here’s our assessment of the security of each OS, including source-code, app stores, and update frequencies.
Every squeak is your PC’s way of crying for help.
Free AI tools are legitimately powerful; you just need to know how to stack them.
Revolutionize your driving experience with these game-changing CarPlay additions.
You’ve been quoting these famous films wrong all along!
Don’t let someone else take over your phone number.
