
Android apps automatically signed people up for premium services

We download apps for a variety of reasons. Some are meant to help us perform or remember tasks, while others are there to keep us entertained or connected.

Regardless of the whys, the ability to download apps — many of which are free — is one of the best parts about owning a smartphone. Yet as we have come to learn, sometimes apps are more harmful than they are helpful.

Such is the case with some Android apps, which were recently discovered to be more than what people bargained for. In fact, the apps in question led to a good amount of money being unwillingly and unknowingly spent.

Download the app, sign up for premium services

The issue was discovered by the McAfee Mobile Research team, which found that some Android apps led to a cyberattack that ran in the background. The campaign originated with the AsiaHitGroup Gang, which first landed on the radar in 2016 and primarily targeted people in Thailand and Malaysia.

Since then the group has also moved into Russia and continued to modify its fake installer.

This time at least 15 apps were discovered to be problematic, as they all contained the code for what the researchers are calling the “Sonvpay” campaign. Essentially, along with performing the actual tasks of the app, the code also keeps an eye on incoming push notifications that contain the kind of data needed to perform mobile billing fraud.

With that information, the app would then display a fake update notification to the user, one that contained just one thing that could clue people in to what was going on. Anyone willing to scroll to the very end would see the phrase “Click Skip is to agree,” and tapping it would let Sonvpay fraudulently subscribe the person to a WAP or SMS billing service.

However, even if the user does not accidentally agree, it is possible they will still be subscribed to the services. The only way to notice any of it was to see it on a bill.

Which apps are affected?

So far McAfee has identified 15 apps, though it’s possible there could be more. Google immediately took the bad apps out of the Play Store once it learned of the issue, but more were found after that. Overall, some of the apps have been installed tens of thousands of times.

As of now, these are the ones known to be involved:


Cut Ringtones 2018
Qrcode Scanner
QRCodeBar Scanner APK
Despacito Ringtone
Let me love you ringtone
Beauty camera-Photo editor
Night light
Shape of you ringtone
Despacito for Ringtone
Iphone Ringtone


What to do if you downloaded one of these apps

If you are an Android user who downloaded one of the bad apps, you will want to check your bill to see what services you have been subscribed to, and immediately cancel them. Deleting the app would then be a smart move.

As for ensuring you do not get caught up in anything like this, there are a few things you should keep in mind.

For starters, make sure you give each app only the permissions it needs. If the app wants access to SMS messages or some other function that does not seem at all relevant to its purpose, that should be a red flag.

Along those same lines, be mindful of the fine print associated with any app. Prior to downloading or updating anything, make sure to scroll through the information provided and read it all the way to the end. It may not be fun, but it could save you from some trouble down the road.
