The fake Yandex app was found in August 2018 by researchers from Russian security outfit Dr. Web. The scammers used Alisa, the virtual assistant from Yandex, to attract a larger number of victims, to peddle a Trojan that subscribes users to premium services behind their backs.
The malware opens a phishing site and offers the user a reward, asking for their phone number to receive a confirmation code. The code is not for confirming eligibility for the reward, but for completing a subscription to a premium service, which activates the moment the user connects to the internet.
It is unclear how many victims fell for the fake Alisa app, but the number of downloads recorded by all 127 fraudulent apps discovered by Dr. Web amounted to about 10,000, according to Bleeping computer.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now