Security researchers warn of a new family of malware that is currently targeting cell phone users and quietly enrolling them in legitimate premium services.
With the name WAPDropper, the malware is a multi-functional dropper that can deliver malware and uses machine learning technology to bypass CAPTCHA challenges that use an image.
Cybersecurity Check Point spotted WAPDropper in a recent campaign and found that it was enrolling its victims in premium services from legitimate telecommunications providers in Malaysia and Thailand.
The malware analysis revealed that it has two modules, which can download and run other malware on a compromised device.
In the case of WAPDropper, there is a unit responsible for retrieving malware in a second step from the command and control server and another unit for obtaining the premium dialer.
The plan for scammers to make money is simple: many calls to premium numbers charge the victim's account.
CAPTCHA bypass
According to Check Point, WAPDropper administrators use a common tactic, integrating malware into applications available from unofficial stores.
Once on the victim's device, the malware contacts the command and control server (C2) to download the program who makes the premium calls.
In one technical reference , researchers report that malware activity begins with collection details from the infected device:
- Device ID
- MAC address
- Subscriber ID
- Device model
- List of all installed applications
- List of services running
- Top activity package name
- The screen is on
- Notifications for this application are enabled
- This application can design overlays
- Amount of free storage available
- Total amount μνήμηs RAM and available RAM
- List of applications outside the system
Then a web viewer starts to load landing pages for premium services and make a subscription.
If there is a CAPTCHA that uses images, Check Point reports that WAPDropper uses the services of a Chinese company called "Super Eagle", which provides image recognition solutions based on machine learning technology.