HelloTalk app reportedly installed a malicious app called HT Coin on Android devices
HelloTalk is a popular community-driven language learning app that is available on the Google Play Store. It has over 10 million downloads. A couple of days ago, a Reddit user claimed that a notification displayed by the app downloads malware.
To be precise, it downloads a file called HTCoin.APK. This file seems to have been flagged as malicious. Interestingly, the HT Coin app is not available on the Play Store, which means HelloTalk downloaded it via a direct link from an unknown server.
The redditor shared some details about the app in question, and it appears to have requested several unwanted permissions. More importantly, the app seems to have been based on Metasploit. For those unaware, Metasploit in itself is not malware; it is a cybersecurity framework used for testing networks, especially penetration testing. While it can be a handy tool for white hat hackers, the open source framework can also be misused for exploiting code and injecting malware.
So, it is not exactly surprising if something that contains Metasploit is detected as malicious. But the real question is, why does the HT Coin app use it? And why does a language learning app need to side-load a different app in the first place?
This also leads to the question, what is HT Coin? To understand more about it, I installed the HelloTalk app and set it up with a temporary email address in the BlueStacks emulator. The Me section in the app has an option for an in-app purchase of a virtual currency named HT Coin. Tapping on the option allows you to purchase the IAP, and the payment options for buying the HT Coins are WeChat and Alipay, both of which are popular payment platforms based in China.
HelloTalk displayed ads occasionally, including full screen ads and gender-targeted ads. But I did not get the HT Coin notification while testing the app, so I couldn't tell for certain whether the HT Coin app is malicious or if it even exists.
However, looking at some reviews on the Google Play Store, there are a few users who have reported that HelloTalk installs the HT Coin app, and that their phone detected it as malware.
The developer replied to one of these reviews, stating that the issue has been fixed, which basically confirms that the issue was real. This could explain why I never got the notification. The app was updated since the 24th of September, while the post on Reddit was dated the 25th. So, it's probably a server-side change done by HelloTalk's team that seems to have "fixed the issue".
The app could now be devoid of malware, but the fact that it downloaded an APK outside the Google Play Store is in violation of the terms of service. It's been over 2 days since the user shared the news on Reddit (and reported it to Google), but the HelloTalk app is still available on the Play Store. Then again, this is not the first instance of an app turning out to be malicious. Google should review apps more strictly to ensure the security of its users, but it does not seem to be a priority for the company.
Do you use HelloTalk? Have you had a similar experience with other apps? Share your comments with us.