The Android.Trojan.MKero.A malware is making a comeback in the Android world, and this time hackers have found a way to combine it with legitimate applications to bypass Google's Bouncer scanning system.
While the malware was first detected in 2014 and was distributed to users primarily through insecure application distribution, Bitdefender reports that in many cases the trojan is now being distributed via the official Google Play Store.
This time, the malware is packaged in various Android games, and once it infects the user's device it secretly subscribes it to premium SMS services without requiring any user interaction.
According to Bitdefender researchers, the malware uses an intelligent and sophisticated set of procedures that allows it to bypass the various security mechanisms that premium SMS services have in place to prevent fraud.
First, the malware initiates communication between the device and a C&C server, which provides it with the URL of a premium subscription service.
Android.Trojan.MKero.A then extracts the image CAPTCHA from the registration form and sends it to antigate.com, a web service that relies on humans to read image CAPTCHAs. (Isn't that ironic?!)
After receiving the CAPTCHA solution from antigate.com, the malware subscribes the user to the service. It then receives the confirmation SMS message, parses it to extract the confirmation code, enters the code on the site, and upgrades the user's registration to the premium service.
The purpose of Android.Trojan.MKero.A is simple. The attacker likely participates in various affiliate programs tied to the SMS services that the victim is registered for, and earns money for each user brought in.
"Taking into account that the malicious software has been built to operate completely silently on the victim's Android device, its detection and removal is extremely difficult," says Liviu Arsene from Bitdefender, who recommends the use of an antivirus for mobile phones as well as regular scanning of devices.
Checking mobile phone bills at regular intervals is also a good idea, as increased charges that appear out of nowhere can be a sign of a malware infection.
Bitdefender's staff identified 7 infected game applications in the Google Play Store, which have since been removed.