Researchers from Panda Security have come across a total of five malicious applications designed to subscribe the owners of infected devices to paid mobile services. The worst part is that all of the apps have been uploaded to Google Play.
The apps in question appear to target Spanish-speaking users. They’re called something like Peinados Fáciles (Easy Hairdos), Dietas para Reducir el Abdomen (Abs Diets), Rutinas Ejercicios para el Gym (Workout Routines) and Cupcakes Recetas (Cupcake Recipes).
Once they infect a device, they wait for the user to open WhatsApp. The malware is designed to steal the victim’s phone number from WhatsApp and uses it to sign up for premium SMS subscription services.
At first sight, the apps seem harmless. They display tips on the various topics to avoid raising any suspicion.
Experts say that each of them has been downloaded between 50,000 and 100,000 times. This means that between 300,000 and 1.2 million users could have installed them.
“The truth is that fraudsters are making insane amounts of money from these premium services. A conservative estimate of, let’s say, €20 paid by each user would result in a huge sum of 6 to 24 million euros stolen from victims,” noted Luis Corrons, technical director of PandaLabs.