New Trojans Using Old Tactics To Steal Money Via Mobile Billing
New trojans stealing money through mobile billing.
There has been a sudden rise in trojans using old tactics to get Android devices to trickle money into the accounts of malicious attackers. The trojans take money by using mobile billing services, a system that adds debt onto your monthly mobile bill.
Kaspersky Lab has reported on the recent rise of Android mobile billing trojans, mentioning that there was a sharp rise in activity from such malicious attacks in Q2 2017. The attacks were mainly aimed at those in Russia and India, but attacks spread far out across the globe.
When used legitimately, mobile billing can be a way for individuals to get services online for free and then pay back the cost in their next monthly mobile bill. It’s been a useful payment method for decades, but it’s not without its flaws.
The scary part about this type of Android malware is that it doesn’t require a user to install any apps. Instead, a user simply needs to click on a malicious URL and the device will automatically sign up to a service via mobile billing. In most cases, these services will create a monthly subscription to a dud service that provides no benefit to its users. Attackers will often take small amounts of money through the mobile billing service to avoid arousing suspicion, and they can then use this tactic to take hundreds of dollars per user each year.
A security expert at Kaspersky Lab, Roman Unuchek, made a statement on the matter.
“We haven’t seen these types of trojans for a while. The fact that they have become so popular lately might indicate that cybercriminals have started to use other verified techniques, such as WAP-billing, to exploit users. Moreover, a premium rate SMS trojan is more difficult to create. It is also interesting that malware has targeted mainly Russia and India, which could be connected to the state of their internal, local telecoms markets. However, we have also detected the trojans in South Africa and Egypt.”
Interestingly, despite the rise in WAP-billing, it’s still not the most prevalent malware on Android right now. One of the most popular malware types is adware – with this, attackers will earn money by forcing ads to show on a user’s device. Whilst this can be frustrating to deal with as an end user, it, fortunately, does not take any money from infected user’s accounts.
“While we have certainly seen examples of malware that targets users of WAP-billing services, it is not the most prevalent threat that we see on mobile. In fact, the class of malware that we currently see in broad distribution is adware. It seems that many attackers are simply going after a quick payday and mobile adware, much like spam was on email, provides the easiest way to profit from mass distribution.”
Other types of malware are also starting to appear more frequently on infected Android devices. Some malware can use a variety of tracking techniques to grab user data, which can then be used to steal bank account information. Alternatively, attackers will sell this information on to malicious organizations. The tracking techniques used by such malware includes SMS tracking, app usage tracking, GPS tracking, and keyboard tracking.