HelloTalk app reportedly installed a malicious app called HT Coin on Android devices

Sep 27, 2021
Mobile Computing

HelloTalk is a popular community-driven language learning app that is available on the Google Play Store. It has over 10 Million downloads.  A couple of days ago, a reddit user claimed that a notification displayed by the app downloads a malware.

HelloTalk app reportedly installed a malicious app called HT Coin on Android devices

To be precise, it downloads a file called HTCoin.APK. This file seems to have been triggered as a malicious one. Interestingly, the HT Coin app is not available on the Play Store, which means HelloTalk downloaded it via a direct link from an unknown server.

The redditor shared some details about the app in question, and it appears to have requested several unwanted permissions. More importantly, the app seems to have been based on Metasploit.  For those unaware, Metasploit in itself is not a malware, it is a cybersecurity framework used for testing networks, especially penetration testing. While it can be a handy tool for white hat hackers, the open source framework can also be misused for exploiting code, and injecting malware.

So, it is not exactly surprising if something that contains Metasploit, is detected as malicious. But the real question is, why does the HT Coin app use it? And why does a language learning app need to side-load a different app in the first place?

This also leads to the question, what is HT Coin? To understand more about it, I installed the HelloTalk app and set it up with a temporary email address in the Bluestacks emulator. The Me section in the app has an option for an in-app purchase for virtual currency by the name, HT Coin. Tapping on the option allows you to purchase the IAP, and the payment options for buying the HT Coins are WeChat and Alipay, both of which are popular payment platforms based in China.

HelloTalk displayed ads occasionally, including full screen ads and gender-targeted ads. But I did not get the HT Coin notification while testing the app, so I couldn't tell for certain whether the HT Coin app is malicious or if it even exists.

Hellotalk app reviews

However, looking at some reviews on the Google Play Store, there are a few users who have reported that HelloTalk installs the HT Coin app, and that their phone detected it as malware.

Hellotalk app HT Coin app reviews

The developer replied to one of these reviews, stating that the issue has been fixed, which basically confirms that the issue was real. This could explain why I never got the notification. The app was updated since the 24th of September, while the post on reddit was dated the 25th. So, it's probably a server-side change done by HelloTalk's team that seems to have "fixed the issue".

HT Coin malware - developer's response

The app could now be devoid of malware, but the fact that it downloaded an APK outside the Google Play Store is in violation of the terms and services. It's been over 2 days since the user shared the news on Reddit (and reported it to Google), but the HelloTalk app is still available on the Play Store. Then again, this is not the first instance of an app turning out to be malicious. Google should review apps more strictly to ensure the security of its users, but it does not seem to be a priority for the company.

Do you use HelloTalk? Have you had a similar experience with other apps, share your comments with us.

HelloTalk app installed a malicious app called HT Coin on Android devices
Article Name
HelloTalk app installed a malicious app called HT Coin on Android devices
The HelloTalk Android app has been accused of displaying a notification, that led to downloading a malicious app called HT Coin.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Rush said on August 28, 2023 at 9:50 pm

    If Nothing OS is nothing more that an overlay with Google still in the midst….then I ain’t interested.

    1. Seeprime said on September 12, 2023 at 4:12 pm

      Another unrelated comment older than the article. Pathetic.

      1. Robenroute said on September 13, 2023 at 9:06 am

        it is becoming mindbogglingly annoying indeed…

  2. ThisIsTheWayTheGhacksEnds said on September 13, 2023 at 9:09 am

    Under: https://www.ghacks.net/2023/09/12/iphone-15-with-usb-c-port/

    Apple was forced to add USB-C to a phone and the maccultists start talking about “revolution” and “paradigm shift” (as if USB phones had never come out before). It’s so ridiculous it’s reminiscent of comedians doing the “stepped on a water hose” stunt – that was at least somehow funny a hundred years ago.
    Reading this on a site that used to be a technical resource is especially ridiculous.
    How pathetic

  3. Anonymous said on September 14, 2023 at 4:28 pm

    “An iPhone 15 with a USB-C port will mean more than you think”

    That Apple can finally stop hindering progress if spanked hard enough ?

  4. Alex Hales said on September 21, 2023 at 12:51 am

    I’m thrilled to see Instagram taking steps to enhance the user experience with features like Live Activities. This update is a game-changer, especially for those who frequently upload content on the platform.

    The ability to track upload progress in the background is a simple yet incredibly useful addition. It not only keeps users informed about the status of their uploads but also allows for a more seamless experience on the platform. No more constantly checking if your post has successfully uploaded or worrying about interrupted uploads due to a weak signal.

    As an active Instagram user, this feature is a relief. It showcases Instagram’s commitment to improving user satisfaction and addressing common pain points. It’s all about making the platform more user-friendly, and this feature certainly accomplishes that.

    I can’t wait to try out Live Activities and enjoy a stress-free posting experience. Kudos to Instagram for continually innovating and making our social media lives easier!

    Keep up the great work, Instagram, and thanks to ghacks for keeping us in the loop with the latest tech updates!

    I am additionally add one more think if you want to watch instagram stories anonymously to visit site storysnooper.com.

  5. Alex Hales said on September 25, 2023 at 6:02 pm

    I found this post really insightful! It’s always intriguing to learn about the various ways we can navigate and understand social media platforms. The idea of checking someone’s Threads following list might seem like a niche topic, but in today’s digital age, it can be quite relevant.

    As someone who uses social media regularly, I appreciate the tips and guidance provided here. It’s not just about curiosity; it’s also about understanding our online connections better. This information can help us engage more effectively and stay updated with the content that interests us the most.

    The step-by-step instructions provided in the article are clear and easy to follow. It’s great that the author has taken the time to break down the process, making it accessible to both tech-savvy individuals and those who might not be as familiar with these platforms.

    I also appreciate the emphasis on privacy and ethics. It’s essential to remember that online interactions should always respect the boundaries and consent of others. The article’s focus on respecting others’ privacy is a reminder of the importance of responsible online behavior.

    Overall, this post is a valuable resource for anyone looking to understand more about the Threads following list on social media platforms. I’ll definitely be sharing this with my friends and followers who might find it useful. Keep up the great work, ghacks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.