Mobile subscription Trojans and their little tricks

Billing fraud is one of the most common sources of income for cybercriminals. There are currently a number of known mobile Trojans that specialize in secretly subscribing users to paid services. These Trojans usually pay for legitimate services in the user's name, and the scammers take a cut of the money billed. The subscription fees tend to be taken from the phone balance.


A user who is genuinely interested in subscribing to a service normally needs to visit the content provider's website and click "subscribe." Because Trojan apps can simulate this click, service providers sometimes require a confirmation code, sent in a text message, to complete the subscription. In other cases, marketplaces try to make subscription harder to automate by using a CAPTCHA, while others analyze traffic and block subscription scams using anti-fraud solutions. Yet some types of malware can bypass at least some of these protections.


Jocker: Text message thief in Google Play


Trojans from the Trojan.AndroidOS.Jocker family can intercept codes sent in text messages and bypass anti-fraud solutions. They’re usually spread on Google Play, where scammers download legitimate apps from the store, add malicious code to them and re-upload them to the store under a different name. The trojanized apps fulfill their original purposes in most cases, and the user won’t suspect they are a source of threats.
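A defender-side check for the repackaging pattern described above, as an added example that is not code from the original article: it compares the decoded manifest of a known-good app with a look-alike upload and reports the permissions the copy requests on top of the original. The sample manifests, the package names and the choice of which permissions count as SMS-capable are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption of this example: permissions that expose incoming text messages,
# directly or through the notifications they raise.
SMS_CAPABLE = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

# Constructed sample manifests (decoded to text XML); package names are made up.
ORIGINAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application/>
</manifest>"""

REUPLOADED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.brightlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return (package, permissions) for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms.update(n.get(ANDROID_NS + "name") for n in root.iter(tag))
    # A service guarded by a bind permission is how listener access is declared.
    perms.update(s.get(ANDROID_NS + "permission") for s in root.iter("service"))
    perms.discard(None)
    return root.get("package"), perms

def compare_manifests(original_xml, candidate_xml):
    """Report what the candidate requests beyond the app it was derived from."""
    orig_pkg, orig = requested_permissions(original_xml)
    cand_pkg, cand = requested_permissions(candidate_xml)
    added = cand - orig
    return {
        "renamed": orig_pkg != cand_pkg,
        "added": sorted(added),
        "sms_capable_added": sorted(added & SMS_CAPABLE),
    }
```

A non-empty `sms_capable_added` on a renamed copy of an app that never handled text messages is a reason to hold the upload for manual review, not proof of malice.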


To bypass vetting on Google Play, the Trojan checks whether the app has gone live. The malicious payload remains dormant while the app is stalled at the vetting stage.



Checking availability on Google Play


While trojaniz ..
