Connect with us

Hi, what are you looking for?

HEADLINES

How scammers subscribe mobile users to unwanted paid services

Today there are millions of apps, helping users with almost every aspect of their everyday life – from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and benefit from unsuspecting users. 

With an ever-growing number of smartphone users, the development of mobile applications has become a booming industry. Today there are millions of apps, helping users with almost every aspect of their everyday life – from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and benefit from unsuspecting users. 

Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various different mobile apps, including popular games, healthcare apps, and photo editors. Most of these Trojans request access to the user’s notifications and messages so that the fraudsters can then intercept messages containing confirmation codes. 

Users aren’t knowingly subscribing to these services but are, rather, falling victim to carelessness. For instance, a user fails to read the fine print and, before they know it, they’re paying for a horoscope app. These victims often don’t realize these subscriptions exist until their mobile phone account runs dry earlier than expected.

According to Kaspersky researchers, the most widely spread Trojans that sign users up to unwanted subscriptions are:

Advertisement. Scroll to continue reading.

Jocker

Trojans from the Trojan.AndroidOS.Jocker family can intercept codes sent in text messages and bypass anti-fraud solutions. They’re usually spread on Google Play, where scammers download a legitimate app from the store, add malicious code to it, and then re-upload it under a different name. In most cases, these trojanized apps fulfill their purpose and the user never suspects that they’re a source of threat. 

So far in 2022, Jocker has most frequently attacked users in Saudi Arabia (21.20%), Poland, (8.98%), and Germany (6.01%).

Examples of apps that spread Jocker Trojan and sign users up to unwanted subscriptions

MobOk

MobOk is considered the most active of the subscription Trojans with more than 70% of mobile users encountering these threats. MobOk Trojan is particularly notable for an additional capability that, in addition to reading the codes from messages, enables it to bypass CAPTCHA. MobOK does this by automatically sending the image to a service designed to decipher the code shown. 

Advertisement. Scroll to continue reading.

Since the beginning of the year, MobOk Trojan has most frequently attacked users in Russia (31.01%), India (11.17%), and Indonesia (11.02%). 

Vesub

Vesub Trojan is spread through unofficial sources and imitates popular games and apps, such as GameBeyond, Tubemate, Minecraft, GTA5, and Vidmate. This malware opens an invisible window, requests a subscription, and then enters the code it intercepts from the victim’s received text messages. After that, the user is subscribed to a service without their knowledge or consent.

C:\Users\Meretukova\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F56C71F2.tmp

Examples of fake apps used by Vesub 

Most of these apps lack any legitimate functionality. They subscribe users as soon as they are launched while victims just see a loading window. However, there are some examples, such as a fake GameBeyond app, where the detected malware is actually accompanied by a random set of functional games. 

Two out of five users who encountered Vesub were in Egypt (40.27%). This Trojan family has also been active in Thailand (25.88%) and Malaysia (15.85%). 

Advertisement. Scroll to continue reading.

GriftHorse.l

Unlike the Trojans mentioned above, this one does not subscribe victims to a third-party service –  instead, it uses its own. Users end up subscribing to one of these services by simply not reading the user agreement carefully. For example, there are apps that have recently spread intensively on Google Play, offering to tailor personal weight-loss plans for a token fee. Such apps contain small print mentioning a subscription fee with automatic billing. This means money will be deducted from the user’s bank account on a regular basis without needing any further confirmation from the user. 

“Apps can help us stay connected, fit, entertained and generally make our lives easier. There are multiple mobile apps appearing every day, for every taste and purpose – unfortunately, cybercriminals are using this to their advantage. Some of the apps are designed to steal money by subscribing users to unwanted services. These threats are preventable, which is why it’s important to be aware of the signs that give away Trojanized apps. Even if you trust an app, you should avoid granting it too many permissions. Only allow access to notifications for apps that need it to perform their intended purposes, for example, to transfer notifications to wearable devices. Apps for something like themed wallpapers or photo editing don’t need access to your notifications”’ comments Igor Golovin, security expert at Kaspersky.

To learn more about unwanted subscription apps, visit Securelist.com

To stay protected, Kaspersky experts also recommend to:

Advertisement. Scroll to continue reading.
  • Keep your guard up when installing apps from Google Play. Read the reviews, research the developer, terms of use, and payment details. For messaging, choose a well-known app with positive reviews.
  • Check the permissions of the apps you’re using and thinking carefully before granting additional permissions. 
  • Use a reliable security solution to help detect malicious apps and adware before they achieve their goals. 
  • Update your operating system and any important apps as and when updates become available. Many safety issues can be solved by installing the updated versions of software.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well...

HEADLINES

Financial phishing attacks are rapidly increasing in the country as cybercriminals continuously evolve and adapt their tactics, making them sophisticated. The number of attacks...

HEADLINES

A Scale of Harm study by the International Justice Mission revealed that almost half a million Filipino children were trafficked to produce new child...

HEADLINES

Yondu launched an extensive, month-long cybersecurity awareness campaign focused on modern threat detection, incident response, and social engineering defense.

ELECTRONICS

Philips EasyKey partnered with Megaworld and equipped their world-class properties with only the best-in-class smart locks we have on offer, the Philips EasyKey 9300.

HEADLINES

The PLDT wireless unit is also calling on customers to report these messages to Smart’s HULISCAM portal for further action.

HEADLINES

Here are some tips from Sophos for staying secure online during the cybersecurity awareness month.

HEADLINES

While only 21% of hackers believed that AI technologies enhance the value of hacking in 2023, 71% reported it to have value in 2024....

Advertisement