Malicious attack hits Android owners secretly subscribing them to premium paid services – telltale signs to look out for

MILLIONS of Android owners are at risk of a malware attack that silently raids their bank accounts – and stops other apps from alerting them.

The cyberattack tricks Android owners into installing malware that secretly subscribes them to premium paid services, according to researchers.

It can also block roughly 200 apps from sending notifications to your phone.

Researchers at ESET, a cybersecurity company, said the hackers are taking advantage of the sudden popularity of a new game called Hamster Kombat.

Hamster Kombat is an Android mobile app where players earn in-game currency by completing simple tasks, primarily by tapping the screen.

Players of the game, which launched in March 2024, have been targeted with fake Android software that actually installs spyware and information-stealing malware on devices.

The app is not available in the Google Play Store, where it would be subject to security checks.

Instead, it’s downloadable through the official Hamster Kombat Telegram channel.

Players are required to join the Hamster Kombat channel on Telegram, scan a QR code provided by a bot, and then launch a web app on their Android devices to play it.

However, this makes the game and its players easy targets for cybercriminals and scammers.

How to spot a dodgy app

Detecting a malicious app before you hit the 'Download' button is easy when you know the signs.

Follow this eight-point checklist when you’re downloading an app you’re unsure about:

  1. Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
  2. Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
  3. Check the number of downloads – avoid apps with only several thousand downloads, as they could be fake.
  4. Research the developer – do they have a good reputation? Or are they totally fake?
  5. Check the release date – a recent release date paired with a high number of downloads is usually bad news.
  6. Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  7. Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
  8. Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions of the icons from legitimate apps.

All of this information will be available in both Apple’s App Store and the Google Play Store.

Various Hamster-branded channels have emerged, distributing Android malware to those searching for the official channel.

One channel named ‘HAMSTER EASY’ has been found distributing the Ratel Android spyware, according to ESET.

This strain of spyware can intercept SMS and device notifications, and is the malicious software that subscribes the victim to paid-for services.

Hackers then get a cut of these dodgy subscription earnings.

A Hamster Kombat clone app has also been discovered on the Google Play Store under the title ‘Hamster Kombat – Earn Crypto’.

Several fake websites that claim to offer the game, but instead redirect visitors to ads to watch so hackers can generate even more money, have also been discovered.

The game has attracted over 250million players and 53million users on its Telegram channel in the four months since it launched.
