New malware fraudulently subscribes victims to premium phone services

New malware fraudulently subscribes victims to premium phone services

If you believe you may have been affected by WAPDropper malware, you should first uninstall any suspicious applications and inspect your billing records to identify any unusual patterns.


We’ve come across our fair share of malware in the past that fraudulently subscribes users to in-app purchases on smartphones and other services. In the latest, researchers from Checkpoint have discovered a similar malware named WAPDropper.


The malware makes users subscribe to premium phone numbers in what is known as International Revenue Share Fraud (IRSF). This incurs a heavy cost on a user’s wallet affecting them financially.


See: 16 apps on Google Play Store caught distributing Joker malware


How the user is infected initially is by downloading an already infected app. Once the malware takes its place on the user’s device, it has the ability to install and execute additional malware through its dropper module.

On the other hand, the second module of the malware known as the premium dialer is responsible for unauthorizedly subscribing users to premium-rate numbers “offered by legitimate sources” which in this case happen to be telcos based in Thailand and Malaysia.



Attack Chain flow (Image: Checkpoint)



Explaining, the researchers state in their blog post that,



After installation, WAPDropper contacts its Command and Control (C&C) server and then downloads ..