Hackers invented a tricky way to palm off paid subscriptions

McAfee found in the Google Play Store fifteen applications that were only pretending to be useful, but actually forced their victims to issue paid subscriptions, and in a rather tricky way. Applications were disguised as various utilities (QR scanner, ringtone editor, calculator, flashlight, desktop wallpaper catalog, etc.), but they contained a new modification of the malware Sonvpay.C. After launch, the application reported the availability of the update and showed the terms of use with one button, after clicking on which a subscription to paid newsletters and services was issued. The presence of such subscriptions could be found out after the money began to disappear from the account.

The virus did not leave any traces on the device, since WAP-billing was used for subscription, not SMS. The attack was aimed at Russia, Kazakhstan, Thailand and Malaysia. Applications were downloaded at least 50 thousand times and brought at least 100 thousand dollars to hackers.