Malware for Android instead of a bonus card for stores and brands popular in Russia: potential damage exceeds RUB 6 million
In February 2021, Kaspersky Lab experts discovered in a popular messenger a fake mailing message about an attractive promotion from one of the largest retail chains in Russia.
The message contained a link that led to the download on Google Play of a fake bonus card in the form of an application. To use it, it was necessary to subscribe to a paid subscription. In reality, the application turned out to be almost empty: when launched, the user was shown a picture with the store’s logo and an offer to issue a card; when pressed, the purchase process was launched. The user was withdrawn money, but he did not receive any bonus card.
In addition to the popular Russian grocery chain, the Trojan disguised itself as digital discount, bonus and gift cards of various retail brands popular in Russia. He also posed as an app for customizing themes and screensavers for smartphones and even as a cheat app for a popular mobile game. In general, the Trojan was hiding under the guise of more than 20 different programs and brands.
On average, the subscription that the user had to subscribe when installing the application cost 600 rubles per week. The app alone, which mimicked a popular retail network in Russia, had more than 10,000 installations. Thus, if we imagine that each user would really subscribe, then the potential damage from this application alone could be six million rubles. Kaspersky Lab identifies the application as Trojan.AndroidOS.Fakeapp.cw.