Connect with us

Hi, what are you looking for?

HEADLINES

How scammers subscribe mobile users to unwanted paid services

Today there are millions of apps, helping users with almost every aspect of their everyday life – from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and benefit from unsuspecting users. 

With an ever-growing number of smartphone users, the development of mobile applications has become a booming industry. Today there are millions of apps, helping users with almost every aspect of their everyday life – from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and benefit from unsuspecting users. 

Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various different mobile apps, including popular games, healthcare apps, and photo editors. Most of these Trojans request access to the user’s notifications and messages so that the fraudsters can then intercept messages containing confirmation codes. 

Users aren’t knowingly subscribing to these services but are, rather, falling victim to carelessness. For instance, a user fails to read the fine print and, before they know it, they’re paying for a horoscope app. These victims often don’t realize these subscriptions exist until their mobile phone account runs dry earlier than expected.

According to Kaspersky researchers, the most widely spread Trojans that sign users up to unwanted subscriptions are:

Advertisement. Scroll to continue reading.

Jocker

Trojans from the Trojan.AndroidOS.Jocker family can intercept codes sent in text messages and bypass anti-fraud solutions. They’re usually spread on Google Play, where scammers download a legitimate app from the store, add malicious code to it, and then re-upload it under a different name. In most cases, these trojanized apps fulfill their purpose and the user never suspects that they’re a source of threat. 

So far in 2022, Jocker has most frequently attacked users in Saudi Arabia (21.20%), Poland, (8.98%), and Germany (6.01%).

Examples of apps that spread Jocker Trojan and sign users up to unwanted subscriptions

MobOk

MobOk is considered the most active of the subscription Trojans with more than 70% of mobile users encountering these threats. MobOk Trojan is particularly notable for an additional capability that, in addition to reading the codes from messages, enables it to bypass CAPTCHA. MobOK does this by automatically sending the image to a service designed to decipher the code shown. 

Advertisement. Scroll to continue reading.

Since the beginning of the year, MobOk Trojan has most frequently attacked users in Russia (31.01%), India (11.17%), and Indonesia (11.02%). 

Vesub

Vesub Trojan is spread through unofficial sources and imitates popular games and apps, such as GameBeyond, Tubemate, Minecraft, GTA5, and Vidmate. This malware opens an invisible window, requests a subscription, and then enters the code it intercepts from the victim’s received text messages. After that, the user is subscribed to a service without their knowledge or consent.

C:\Users\Meretukova\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F56C71F2.tmp

Examples of fake apps used by Vesub 

Most of these apps lack any legitimate functionality. They subscribe users as soon as they are launched while victims just see a loading window. However, there are some examples, such as a fake GameBeyond app, where the detected malware is actually accompanied by a random set of functional games. 

Two out of five users who encountered Vesub were in Egypt (40.27%). This Trojan family has also been active in Thailand (25.88%) and Malaysia (15.85%). 

Advertisement. Scroll to continue reading.

GriftHorse.l

Unlike the Trojans mentioned above, this one does not subscribe victims to a third-party service –  instead, it uses its own. Users end up subscribing to one of these services by simply not reading the user agreement carefully. For example, there are apps that have recently spread intensively on Google Play, offering to tailor personal weight-loss plans for a token fee. Such apps contain small print mentioning a subscription fee with automatic billing. This means money will be deducted from the user’s bank account on a regular basis without needing any further confirmation from the user. 

“Apps can help us stay connected, fit, entertained and generally make our lives easier. There are multiple mobile apps appearing every day, for every taste and purpose – unfortunately, cybercriminals are using this to their advantage. Some of the apps are designed to steal money by subscribing users to unwanted services. These threats are preventable, which is why it’s important to be aware of the signs that give away Trojanized apps. Even if you trust an app, you should avoid granting it too many permissions. Only allow access to notifications for apps that need it to perform their intended purposes, for example, to transfer notifications to wearable devices. Apps for something like themed wallpapers or photo editing don’t need access to your notifications”’ comments Igor Golovin, security expert at Kaspersky.

To learn more about unwanted subscription apps, visit Securelist.com

To stay protected, Kaspersky experts also recommend to:

Advertisement. Scroll to continue reading.
  • Keep your guard up when installing apps from Google Play. Read the reviews, research the developer, terms of use, and payment details. For messaging, choose a well-known app with positive reviews.
  • Check the permissions of the apps you’re using and thinking carefully before granting additional permissions. 
  • Use a reliable security solution to help detect malicious apps and adware before they achieve their goals. 
  • Update your operating system and any important apps as and when updates become available. Many safety issues can be solved by installing the updated versions of software.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

APPS

In line with Privacy Awareness Week starting May 23, Facebook encourages its users to learn about the tools and resources to keep their accounts...

HEADLINES

Statistics from the cybersecurity company show that the top five applications young Pinoy kids are spending time most on are YouTube (26.46%), TikTok (16.75%)...

HEADLINES

Sophos is the only vendor named a Customers’ Choice in both the 2022 Voice of the Customer: Network Firewalls and 2021 Voice of the...

HEADLINES

While ransomware remains a prominent threat, with two-thirds (64%) of companies already having suffered an attack, paying ransom seems to be perceived by executives...

HEADLINES

Kaspersky experts are always keeping an eye on ransomware groups’ activities and on Anti-Ransomware Day have released a report covering new ransomware trends spotted...

HEADLINES

The country comes second after Thailand, where children are highly exposed to online risks and don't have sufficient skills to cope with cyberthreats.

Biz Solutions

Kaspersky has introduced Endpoint Security Cloud Pro to provide companies with the opportunity to use advanced technologies to secure increasingly complex environments with the...

HEADLINES

The average ransom paid by organizations that had data encrypted in their most significant ransomware attack, increased nearly fivefold to reach $812,360, with a...

Advertisement