Infection Technique
In order to infect potential targets, the hackers take a Trojan approach. They download all sorts of random apps from the Google Play Store, and then infect them with their malicious code before re-uploading the alternate versions of the original apps. Unaware users then download these apps, thinking they are getting the original version. Once the altered app is installed on the smartphone, the virus then spreads through the device and takes control of vital services. Since the rest of the app functions as normal, users aren't even aware that they have downloaded harmful code onto their systems.
Stealing Through Subscriptions
Once the malware is in control of your system, it then signs you up for various expensive subscription services in order to steal your money. They intercept the security codes directly from the text messages and then delete them, so you have no idea of what is happening. At the same time, they also try to steal the banking credentials stored on your device, so they can directly drain your account without your knowledge.
Affected Devices and Apps
This type of malware was first noticed back in 2020. Since then, it has been found in over 190 apps present on the Play Store. According to estimates, over 4.8 million people have downloaded these infected apps and may have been exposed to malware as a result.
Some of the apps that were definitely altered and replaced were:
Pony Camera
Live Wallpaper&Themes Launcher
Action Launcher & Wallpapers
Color Call
Good Launcher
Mondy Widgets
Funcalls-Voice Changer
Eva Launcher
Newlook Launcher
Pixel Screen Wallpaper
Solutions
Users are advised to avoid these apps and take greater care when downloading anything from the Play Store. A good practice is to thoroughly check the reviews of any given app before you download it. If you are still not sure, then we suggest getting a paid subscription for one of the more secure anti-virus apps that offer malware tracking as a feature.