An example of malware found on Google Play is Harly. So what is the Harly Trojan? How can you protect yourself from him? Below all the details.
What is the Trojan Harly?
Harly is the latest in a short series of Batman villain-themed malware for Android devices. Joker, an earlier piece of malware, hacked into legitimate-looking apps and downloaded code that allowed it to send expensive SMS messages to premium-rate phone numbers.
Joker’s range was limited; Google removed 11 suspicious apps from the Play Store.
While Joker did have a degree of subtlety in that the applications themselves did not contain the malicious payload, the Harley malware contains all the code it needs and does not rely on a remote command and control server.
Applications containing Harly malware are easy to create, but difficult to detect. Criminals download popular and useful apps from the Play Store, inject their own code, and then re-upload them under a different name.
But behind this scenario, Harly will secretly register your device for expensive subscriptions that are added to your monthly phone bill.
How does the Harly subscriber work?
Most subscription services require SMS verification to take effect, while some go further and require a phone call to an automated phone number before billing your account.
Harly can bypass these steps by opening hidden windows to enter registration details and intercepting SMS messages to enter verification codes. You can even make phone calls.
To do this, Harly must first disconnect his device from Wi-Fi and connect via mobile data.