Free Android Apps May Steal Your Money if You Aren’t Vigilant


By now, it is too obvious how the script goes. As security on Google’s and Apple’s (though, mostly Google’s) stores gets tighter, so do the exploits that get cleverer to capture unsuspecting users.

.example_responsive_1 { width: 300px; height: 250px; }
@media(min-width: 400px) { .example_responsive_1 { width: 336px; height: 280px; } }

According to McAfee’s security team, a well-known cybercriminal group from Asia, AsiaHitGroup, is back at it by repackaging known apps to sign-up for paid services, through WAP or SMS billing. The latter is not used in the newer versions, making it even more difficult to track activity.

The group hides behind familiar sounding apps such as QRcode Scanner and Despacito Ringtone. The number of affected apps amount to around 15 in total, and the complete list of affected apps can be seen in the link above. These apps have been installed around 50,000 times in total.


The group runs its campaign via a program called Sonvpay, which is secretly hidden within these apps. It looks for any notifications pertaining to billing information.

Once it captures that, it sends a fake notification to the user’s phone, with no option to deny or delay it. The only way to know you’re being conned is through the last term, which is “Click Skip to agree”.

The hacker group first appeared through a paid app on the Play Store, called Sonvpay.A, which aimed to keep users up to date with popular apps outside of the official store. The second version, Sonvpay.B built upon the SMS fraud of its predecessor by adding IP geolocation as well as WAP billing.

The app has primarily targeted users based in Southeast Asia and Russia and may have caused the victims up to $145,000.

If there’s one thing which always comes as a lesson in these stories is how important it is to only download apps from the developers you trust, no matter the source of the app.

Via Digital Trends and Phone Arena

Originally Published on


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.