WAPDropper secretly subscribes to premium services

Security researchers warn of a new family of malware currently targeting mobile phone users and quietly signing them up for legitimate premiums .

Named WAPDropper, the malware is a multi-functional dropper that can deliver malware and uses μηχανικής εκμάθησης για να παρακάμψει τις προκλήσεις CAPTCHA που χρησιμοποιούν .

Cybersecurity Check Point spotted WAPDropper in a recent campaign and found that it was enrolling its victims in premium services from legitimate telecommunications providers in Malaysia and Thailand.

Η του κακόβουλου λογισμικού αποκάλυψε ότι διαθέτει δύο λειτουργικές μονάδες, που μπορούν να κατεβάσουν και να τρέξουν άλλο κακόβουλο λογισμικό σε μια συσκευή που έχει παραβιαστεί.

In the case of WAPDropper, there is a module that is responsible for it malware in a second stage from the command and control server and another module to acquire the premium dialer.

The plan for scammers to make money is simple: many calls to premium numbers charge the victim's account.

CAPTCHA bypass

According to Check Point, WAPDropper administrators use a common tactic, integrating malware into applications available from unofficial stores.

Once on the victim's device, the malware communicates with the command and control server (C2) to download the program that makes the premium calls.

In one technical reference , the researchers report that the malware activity starts with collecting details from the infected device:

  • Device ID
  • MAC address
  • Subscriber ID
  • Device model
  • List of all installed applications
  • List of services running
  • Top activity package name
  • The screen is on
  • Notifications for this application are enabled
  • This application can design overlays
  • Amount of free storage available
  • Total amount of RAM and available RAM
  • List of applications outside the system

Then a web viewer starts to load landing pages for premium services and make a subscription.

Εάν υπάρχει CAPTCHA που χρησιμοποιεί εικόνα, η Check Point αναφέρει ότι το WAPDropper χρησιμοποιεί τις υπηρεσίες μιας κινεζικής εταιρείας που ονομάζεται "Super Eagle", η οποία παρέχει λύσεις αναγνώρισης εικόνας που βασίζονται σε τεχνολογία μηχανικής μάθησης.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

WAPDropper

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).