After Joker, there is a new addition in the line of Batman villain-themed malware, named “Harly”. Named after the fictional girlfriend (Harley Quinn) of “Joker” in the Batman series, this trojan can be defined as an auto-subscriber that works under the pretext of legitimate android apps.
To begin with, let us understand the basic difference between Joker & Harly Trojan.
- Apps developed under the Joker series did not possess any malicious code. Instead, they worked by offering legitimate services to lure the target users into downloading the app from Google Play Store. Once the app was downloaded, it would download the malicious code on the victim’s phone. This code could send expensive SMS messages to premium rate numbers from the victim’s phone.
- On the contrary, Harly is a step ahead. The apps contain the malicious code required to function and thus do not depend on remote CCS (control & Command Server). This makes Harly trojan difficult to detect.
The reach of Harly trojan can be estimated from the fact that over 190 apps in Google Play Store are infected by this trojan, and infected apps have been downloaded more than 4.8 million times.
How does Harly Trojan Work?
The functioning of Harly trojan can be understood as a step-wise process.
- The trojan is distributed using android apps in Google Play Store.
- Cybercriminals download legitimate apps available in the play store.
- Malicious code is injected into the app code while retaining the original functioning of the app.
- The altered app is uploaded to the play store under a different name.
- When user downloads this app, the app decrypts the malicious code & launches it.
The purpose of the code is to gather information related to the target device, such as device configuration & network. Based on these details, the malicious code fetches a subscription list for the victim & signs him up for paid subscriptions.
Can Harly Sign Up The Victim For Subscriptions Bypassing SMS Or Call Verification?
A standard safety measure deployed while activating paid subscriptions is to send a verification code via SMS or over a phone call. But, Harly trojan is capable of bypassing this security measure.
To begin with, it disconnects the Wi-Fi on the mobile device & connects it to the internet using the mobile service provider’s network. Following this, it opens hidden windows to fetch user details for subscription. The trojan then gains access to the messages and intercepts the code sent for verification.
How to Stay Protected Against Harly Trojan?
A few preventive measures & diligences can help in avoiding falling prey to Harly trojan.
- Thoroughly review the testimonials before downloading any app & avoid apps with negative feedback.
- Avoid installing unnecessary apps on your mobile device.
- Use open code apps as it allow users to inspect the code. Malware code hidden in the source code can be found easily.
- Place a spending limit on your mobile phone & keep an eye on your subscriptions.
For more information about cybersecurity solutions, contact Centex Technologies. You can call at the following office locations – Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.