These fake Android apps steal your money when you aren’t looking

If you thought you were immune from hackers when downloading “legit” Android apps from Google Play, then think again. The McAfee Mobile Research team recently discovered a new campaign where at least 15 apps were “re-packaged” to secretly sign up for premium paid services in the background. The list includes Qrcode Scanner, Cut Ringtones 2018, and Despacito Ringtone.

The campaign is run by the AsiaHitGroup Gang who first appeared in late 2016 to target victims primarily in Thailand and Malaysia. The group used a fake app installer called “Sonvpay.A” that, for a price, pretended to install popular apps delivered outside Google Play. But it secretly subscribed at least 20,000 victims to paid services in the background by sending SMS messages to premium-rate numbers.

But that was only the beginning.

The group then moved on to bigger bucks through Google Play during November 2017 in its second campaign targeting Thailand, Malaysia and Russia. They modified the fake installer, now called “Sonvpay.B,” to serve as full-fledged familiar-but-fake apps listed on Google’s storefront. For this campaign, Sonvpay relied on IP address geolocation to identify the victims’ country of origin. The campaign also used the same SMS method while adding WAP billing — aka direct billing to a mobile carrier — to secretly subscribe victims to premium services. 

The group’s third campaign began in January 2018 targeting devices accessing Google Play in Malaysia and Kazakhstan. Instead of creating fake apps, the group bundled legitimate Android apps with “Sonvpay.C,” which uses silent background push notifications to secretly subscribe victims to premium paid services. The apps themselves don’t pose any kind of threat outside wanting permission to access SMS messages. In fact, they act completely normal. 

“The subscription operates primarily via WAP billing, which does not require sending SMS messages to premium-rate numbers,” McAfee’s Carlos Castillo reports. “Instead it requires only that users employ the mobile network to access a specific website and automatically click on a button to initiate the subscription process.” 

After you install one of these apps, the Sonvpay component receives commands to sign onto premium paid services through push notifications that the device owner never sees. These services are billed directly to the mobile carrier. Even more, there’s a fake “update” component where if the device owner agrees to the update, Sonvpay.C will subscribe to premium services. Even if the user doesn’t agree, the services may show up on the mobile carrier’s bill anyway depending on the command sent through the push notification. 

The problem with carrier billing and this type of fraudulent charge is that it’s typically not discovered until the victim receives a monthly statement. These charges are typically subscription-based as well, so victims must figure out how to unsubscribe from the premium service.

When McAfee’s team discovered Qrcode Scanner, Cut Ringtone 2018 and Despacito Ringtone loaded with the Sonvpay.C component, they promptly alerted Google and saw the apps disappear from Google Play. Despacito for Ringtone appeared several days later, once again laced with Sonvpay.C, but was quickly nuked by Google.

Unfortunately, the AsiaHitGroup Gang will likely return for a fourth campaign. 

Gaming

Riot Games and Tencent are developing League of Legends for mobile devices

Sources have revealed a collaboration between Tencent and Riot Games that will see a mobile version of League of Legends developed. Tencent owns Riot Games and also developed the mobile MOBA Honour of Kings in China.
Emerging Tech

This guy managed to squeeze an entire game console into a Game Boy cartridge

Popular YouTuber 3DSage has managed to compress an entire mobile games console inside a single original Game Boy cartridge. Check it out in all in its impressively miniaturized glory.
Mobile

Embattled Huawei preps its own backup operating system that runs Android apps

According to a new report, Huawei is developing its own mobile operating system, just in case it loses its access to Android -- something that could happen to ZTE in the near future.
Mobile

FCC chairman and commissioner support the T-Mobile and Sprint merger

T-Mobile and Sprint are getting closer to merging. After a few failed attempts, the two companies announced their merger at the start of 2018. The new T-Mobile could be better positioned to take on the likes of Verizon and AT&T.
Computing

The top mesh routers for a bigger, better, and faster Wi-Fi network

The best mesh routers and Wi-Fi extenders give a wireless network both range and speed. Better yet, they scale fantastically well, so you can always expand your network if you need it to be larger tomorrow than it is today.
Computing

The top curved monitors for gaming, work, entertainment, and more

A curved monitor can provide an immersive experience at work or play - especially with ultrawide monitors. Here's a selection of the best curved monitors available and what they excel at.
Computing

Apple sends out invites for WWDC 2019, and unicorns are involved

Apple developers and fans alike look forward every year to the company's Worldwide Developers Conference, better known as WWDC. Apple has confirmed the conference will take place on June 3-7, and the company just sent out invites.
Mobile

Keep your gadgets fully powered with the best Micro USB cables

A lot of older gadgets and Android smartphones still rely on Micro USB cables to charge or transfer data. Check out our picks of the best Micro USB cables, whether you want something reliable, tough, feature-packed, or simple.
Computing

AMD's latest Navi graphics cards are incoming. Here's what to expect

AMD's Navi graphics cards could be available as soon as July 2019 — as long as it's not delayed by stock problems. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles like Sony's PlayStation 5.
Computing

The May 2019 update for Windows 10 is live. Here’s how to get your hands on it

Launched this week, Microsoft's May 2019 update for Windows 10 releases a slew of new features, primarily simple and powerful security tools, for home and enterprise users. You can get your hands on these tools by installing the new update…
Computing

AMD or Intel? We take a look at the pros and cons of both processors

When it comes to selecting a CPU for your PC, there's no shortage of chips for you to choose from. With Ryzen, Threadripper, and Core i9 CPUs though, the AMD vs. Intel argument is muddier than ever.
Computing

The 2019 MacBook Pro is an impressive performance update, but not much else

With increased competition from Windows laptops, Apple could do with refreshing its MacBook Pro line. Fortunately, it looks set to do that in 2019. Here's everything we know so far.
Deals

Dell Memorial Day sale demolishes prices on XPS laptops, 4K TVs, and monitors

The 2019 Memorial Day sales have already begun, and Dell has hit the ground running: The Dell Memorial Day Sale is destroying prices on laptops, TVs, and monitors, with discounts that can save you thousands. Read on to see the best deals.
Deals

Dell drops big savings on Alienware monitors, headsets, and gaming keyboards

Although known for its beefy PCs, Alienware also makes some great gaming accessories. A handful of them are on sale right now, too, so if you're upgrading to an ultrawide monitor or you just need a new mouse and keyboard, check these out.