Tuesday, December 17, 2024
HomeTorjan Horses/wormsTrojans Stealing Money From User Accounts Using WAP-billing mobile payment

Trojans Stealing Money From User Accounts Using WAP-billing mobile payment

Published on

SIEM as a Service

WAP-billing Trojans in raise from the second Quater of 2017 and they are targeting users from India and Russia, seems these Trojans were developed at the end of 2016 and at the beginning of 2017.

These Trojans distributed like more useful apps such as Battery saver and Ram Optimizer, but it additionally does have malware capabilities.

WAP-billing is a mobile payment feature that charges directly to the user’s mobile bill so that they don’t require to register a credit card or establish a username and positive identification.

- Advertisement - SIEM as a Service

For WAP-billing the user needs to connect to the Internet through mobile data, with mobile data only the network operator can identify him/her by IP address. It was discovered by Roman Unuchek.

Generally these Trojan’s first turn off your WiFi connection and then turn on mobile Internet. They do this because WAP-billing works only through mobile Internet. Then they open a web page that redirects to the page with WAP-billing.
Usually, Trojans load such pages and click on buttons utilizing JavaScript (JS) files After that, they have to delete incoming SMS messages containing data regarding subscriptions from the mobile network operator.

Trojan Clickers AndroidOS.Ubsod & Xafekopy

Roman Unuchek from Kaspersky labs identified Trojan Trojan.AndroidOS.Boogr.gsh and it belongs to Trojan-Clicker.AndroidOS.Ubsod malware family.

It is a simple Trojan which pretends like an advertising software, but it is capable of deleting all incoming message that has “ubscri” (part of “Subscription”).

He detected another Trojan as Trojan-Clicker.AndroidOS.Xafekopy which uses JS files similar to Ztorg’s to click on buttons of the web page. It was created by Chinese developers and targeting India(37%) and Russian(32%) users.

Files are distributed in two versions one with Indian links and another with Russian links. These applications once installed loads files from its origin folder which has all the major functionalities. By using this JS they can bypass captcha forms on web pages.

And the Trojan Trojan-Clicker.AndroidOS.Autosus.a is designed to steal money with WAP-billing by using clickjacking methods and also has the ability to hide incoming messages as per commands from C&C server.

Latest articles

Cyber Criminals Exploit Windows Management Console to Deliver Backdoor Payloads

A recent campaign dubbed FLUX#CONSOLE has come to light, leveraging Microsoft Common Console Document (.MSC) files...

Texas Tech Systems Breach, Hackers Accessed System Folders & Files

The Texas Tech University Health Sciences Center (TTUHSC) and Texas Tech University Health Sciences...

Beware of Malicious Ads on Captcha Pages that Deliver Password Stealers

Malicious actors have taken cybercrime to new heights by exploiting captcha verification pages, a...

Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely

Critical Authentication Bypass Vulnerability Identified in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer.A...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

MnuBot – New Banking Trojan Take Browsers Screenshots, Keylogging to Steal Bank Data

Newly discovered banking Trojan named MnuBot malware spreading to steal the sensitive bank related...

New Banking Trojan IcedID Evade Sandboxes and Performing Web Injection Attacks

A New Banking Trojan dubbed IcedID discovered that capable of performing some dangerous web-based...

Silence Trojan Targeting Financial Institutions Recording day to day activity on Bank Employees’ PCs

Security experts from Kaspersky lab discovered a new trojan dubbed Silence trojan that targeting Financial...