11 March 2015
RUSSIAN SECURITY FIRM Kaspersky has spotted a nasty piece of malware that can force its way past Captcha authentication systems and subscribe unwilling phone users to premium rate services.
Premium rate services are a cash cow and a concern for people who do not like to be parted from huge sums of money.
Dialling them without knowledge would be low on anyone’s priorities, but Kaspersky has found that the threat is out there.
The firm first spotted Trojan-SMS.AndroidOS.Podec last year, saying at the time that it was well hidden and protected by “a very powerful legitimate system”.
More recent research shows that the malware can now avoid the Advice of Charge (AoC) system which informs users about a charge and asks for notification.
“After we removed the protection, we saw a small SMS Trojan with most of its malicious payload still in development. Before long, though, we intercepted a fully-fledged version of Podec in early 2015,” wrote the researchers on the Kaspersky Securelist website.
“The updated version proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the AoC system.
“It can also subscribe users to premium-rate services while bypassing Captcha. This is the first time Kaspersky Lab has encountered this kind of capability in any Android-Trojan.”
Podec is mostly active in Russia and surrounding countries and is spread through a range of domains and servers including those of the popular Russian social network VKontakte.
“As we see, in most cases the infection is sourced from the social network’s servers. Unfortunately, VK’s file storage system is anonymous, so there is no way to analyse how malware emerges from it,” the firm said.
“However, further research identified a number of communities that distribute Podec on this social network.”
Victims are lured into downloading what is presented as a cracked version of a popular game such as Minecraft offered exclusively for Android handsets.
A number of similar pages have been set up for the purpose of the sting, and Kaspersky suggested that it is one group behind Podec and that that is headed up by a VK user called ‘kminetti’.
Source – http://www.theinquirer.net/inquirer/news/2399064/captcha-caught-out-by-android-baiting-premium-rate-dialling-malware