Thursday, March 28, 2024

Trojans Stealing Money From User Accounts Using WAP-billing mobile payment

WAP-billing Trojans have been on the rise since the second quarter of 2017, targeting users in India and Russia. These Trojans appear to have been developed at the end of 2016 and the beginning of 2017.

They are distributed as seemingly useful apps such as battery savers and RAM optimizers, but they also carry malware capabilities.

WAP-billing is a mobile payment feature that charges directly to the user’s mobile bill, so users do not need to register a credit card or establish a username and positive identification.

For WAP-billing to work, the user needs to connect to the Internet through mobile data; only over mobile data can the network operator identify him/her by IP address. It was discovered by Roman Unuchek.

Generally, these Trojans first turn off the WiFi connection and then turn on mobile Internet. They do this because WAP-billing works only through mobile Internet. Then they open a web page that redirects to the page with WAP-billing.
Usually, the Trojans load such pages and click on buttons using JavaScript (JS) files. After that, they have to delete incoming SMS messages from the mobile network operator that contain data regarding subscriptions.
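The behaviour chain described above can be turned into a static triage check on an app's decoded AndroidManifest.xml. The following is an added example, not code from the article or from Kaspersky: the mapping of behaviours to permissions, the function name `triage_manifest` and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping: behaviour described in the article -> manifest permission.
BEHAVIOUR_PERMISSIONS = {
    "switch Wi-Fi off": "android.permission.CHANGE_WIFI_STATE",
    "switch mobile data on": "android.permission.CHANGE_NETWORK_STATE",
    "load WAP-billing pages": "android.permission.INTERNET",
    "intercept operator SMS": "android.permission.RECEIVE_SMS",
}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

def triage_manifest(manifest_xml):
    """Report which behaviours a decoded AndroidManifest.xml makes possible."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    matched = sorted(b for b, perm in BEHAVIOUR_PERMISSIONS.items() if perm in requested)
    # Receivers registered for incoming SMS can see operator subscription notices.
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                sms_receivers.append((receiver.get(ANDROID + "name"), flt.get(ANDROID + "priority")))
    # Flag only the full chain; any single permission alone is common in benign apps.
    suspicious = len(matched) == len(BEHAVIOUR_PERMISSIONS) and bool(sms_receivers)
    return {"matched": matched, "sms_receivers": sms_receivers, "suspicious": suspicious}

# Constructed sample manifests (not taken from any real app).
SAMPLE_FLAGGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.batterysaver">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><receiver android:name=".SmsWatcher">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter>
  </receiver></application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wifitoggle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, triage_manifest(xml))
```

A match is a reason to look closer at an app that claims to be a battery saver or RAM optimizer, not proof of malice.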

Trojan Clickers AndroidOS.Ubsod & Xafekopy

Roman Unuchek from Kaspersky Lab identified the Trojan Trojan.AndroidOS.Boogr.gsh, which belongs to the Trojan-Clicker.AndroidOS.Ubsod malware family.

It is a simple Trojan that poses as advertising software, but it is capable of deleting every incoming message that contains “ubscri” (part of “Subscription”).

He detected another Trojan, Trojan-Clicker.AndroidOS.Xafekopy, which uses JS files similar to Ztorg’s to click on buttons on the web page. It was created by Chinese developers and targets users in India (37%) and Russia (32%).

The files are distributed in two versions, one with Indian links and another with Russian links. Once installed, these applications load files from their origin folder, which hold all the major functionality. Using this JS, they can bypass captcha forms on web pages.

The Trojan Trojan-Clicker.AndroidOS.Autosus.a is designed to steal money through WAP-billing using clickjacking methods, and it can also hide incoming messages on command from its C&C server.
