People using Android devices are increasingly under the risk of mobile Trojan making away with their money through the WAP-billing services. That is according to a research report by Kaspersky Lab.
Kaspersky says the trend is growing and affecting thousands of people around the globe; especially people using Android devices. The Trojans are using the Wireless Application Protocol (WAP) billing service, which is widely in use by numerous telecom operators for charging paid services and subscriptions over the years.
WAP-billing is unique in the sense that it charges directly from the users’ mobile phone number. WAP billing does not need the users to have a bank account, card, or go through a sign-up process to pay for the bills. Usually, the user is redirected to a unique web page upon clicking a button and they are then presented with a number of additional services.
Upon clicking the button, the user automatically activates a subscription and the bill is charged on their mobile account. The mobile Trojan in focus here exploits this scenario, by mimicking all the processes involved to bill the user’s number without their consent or knowledge.
You should also know hackers can simply register a domains in the telecom’s billing system, and the fraudulently connect that site to the WAP-billing service. The hacker will then easily siphon funds from the victim’s mobile number account to their own account.
Kaspersky Lab outlined some of these Trojans in its list of ‘Top 20 mobile malware program’ that uses the WAP-billing service. To work properly, all these Trojan were designed to have the capability of switching off user’s Wi-Fi and turning on mobile data. The most notorious of these Trojan belonging to the Trojan-Clicker.AndroidOS.Ubsod malware family gets the URLs from its command and control server and proceeds to open them. KSN report shows this Trojan has affected some 8,000 devices from across 82 countries as at July, 2017.
“We haven’t seen these types of Trojans for a while,” said Roman Unucheck, a cyber-security expert at Kaspersky Lab. “The fact that they have become so popular lately might indicate that cybercriminals have started to user other verified techniques, such as WAP-billing, to exploit users. Moreover, a premium rate SMS Trojan is more difficult to create. It is also interesting that malware has targeted mainly Russia and India, which could be connected to the state of their internal, local telecoms markets. However, we have also detected the Trojans in South Africa and Egypt.”