The Android.Trojan.MKero.A malware has made a comeback on Android, and this time hackers have found a way to bundle it with legitimate apps so that it bypasses Google's Bouncer scanning system.
While the malware was first detected in 2014 and was distributed mainly through the installation of insecure applications, Bitdefender reports that in many cases the trojan is now being distributed via the official Google Play Store.
This time, the malware is packaged in various Android games, and once it infects the user's device it secretly subscribes the user to premium SMS services without requiring any user interaction.
According to Bitdefender researchers, the malware uses a clever and complex series of steps that lets it bypass the various security mechanisms that premium SMS services use to prevent fraud.
First, the malware initiates communication between the device and a C&C server, which is loaded with the URL of a premium subscription web page.
Android.Trojan.MKero.A then extracts the CAPTCHA image from the registration form and sends it to antigate.com, a human-based web service that reads the text in CAPTCHA images. (Isn't that ironic?!)
After receiving the CAPTCHA solution from antigate.com, the malware subscribes the user to the service. It then receives the confirmation SMS message, parses it and extracts the confirmation code, enters the code on the website, and upgrades the user's registration to a premium service.
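The confirmation-code step above only works if the app can read incoming SMS, which gives defenders something to triage on. The following is an added example, not code from Bitdefender or from the malware: it flags decoded `AndroidManifest.xml` files of games that request SMS-reading permissions together with network access. The page does not list the permissions MKero requests, so the permission set is an assumption based on standard Android behaviour, and the package names and manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
# Assumption: the SMS confirmation code is read via the standard SMS permissions.
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
INTERNET = "android.permission.INTERNET"

def triage_manifest(xml_text):
    """Flag a decoded manifest that is a game, can read SMS and has network access."""
    root = ET.fromstring(xml_text)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms.update(e.get(A + "name") for e in root.iter(tag))
    perms.discard(None)
    app = root.find("application")
    # A game declares itself with android:isGame or android:appCategory="game".
    is_game = app is not None and (
        app.get(A + "isGame") == "true" or app.get(A + "appCategory") == "game")
    sms = sorted(perms & SMS_READ)
    return {"package": root.get("package"), "is_game": is_game,
            "sms_permissions": sms,
            "flagged": bool(is_game and sms and INTERNET in perms)}

def _manifest(package, perms, app_attrs=""):
    # Builds a constructed, minimal manifest for the samples below.
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application %s/></manifest>' % (package, uses, app_attrs))

# Constructed samples: a game that reads SMS, a plain game, and a messaging app.
SAMPLES = [
    _manifest("com.example.puzzlegame", ["INTERNET", "RECEIVE_SMS"],
              'android:isGame="true"'),
    _manifest("com.example.racer", ["INTERNET"], 'android:appCategory="game"'),
    _manifest("com.example.messenger", ["INTERNET", "READ_SMS", "RECEIVE_SMS"]),
]

def triage_all(samples=SAMPLES):
    return [triage_manifest(m) for m in samples]

if __name__ == "__main__":
    for result in triage_all():
        print(result)
```

A flag here is a reason to look closer, not a verdict: it marks a game whose declared permissions do not match what a game normally needs.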
The purpose of Android.Trojan.MKero.A is simple. The attacker is likely to participate in various affiliate programs tied to the SMS services that the victim is signed up to, and earns money from each user he brings in.
"Taking into account that the malicious software has been built to operate completely silently on the Android device of the victim, its detection and removal is extremely difficult," says Liviu Arsene from Bitdefender, who recommends the use of an antivirus for mobile phones as well as regular scanning of the devices.
Auditing mobile phone bills at regular intervals is also a good idea, as an increase in cost that comes from nowhere may be a sign of a malware attack.
Bitdefender's staff identified 7 infected game applications in the Google Play Store, which have been removed in the meantime.