comscore New Trojan compromises mobile internet billing to siphon off money | BGR India
News

New Trojan compromises mobile internet billing to siphon off money

The Trojan sneaks into devices and initiates WAP payments without users' knowledge.

  • Published: August 29, 2017 9:15 PM IST
android-malware-stock-image

If you use the mobile internet billing system for your online purchases, cybercriminals might be on the lookout to spread malicious software and subscribe you to paid services without your knowledge. Mobile internet billing or WAP billing is being increasingly used by cybercriminals to dupe mobile users of money, according to the latest research.

Mobile internet billing or WAP billing is used to buy content on websites, app stores, etc which charge directly on mobile phone bill. However, unlike traditional methods of credit or debit cards, the mobile internet billing system does not require users to register for a service, IB Times notes.

Kaspersky Lab researcher John Snow says that the amenities of WAP billing have been actively abused by hackers to spread Trojan malware. The old method of billing has become a favorite among malicious hackers. According to a recent report by the security firm, these Trojans began to show up more frequently than usual in the second quarter of 2017. ALSO READ: India, Pakistan targets of ‘state-sponsored’ cyber attack: Symantec

As Snow explains, cybercriminals have started adding to their malware the ability to open Web pages that have WAP billing and click buttons that initiate payments while the user suspects nothing. This vulnerability particularly impacts Android users.

Kaspersky Lab has identified the Ubsod family as one of the most notable Trojans taking advantage of mobile internet billing. One strain detected as Trojan-Clicker-AndroidOS.Ubsod, works from a command-and-control server. It takes the URL addresses of websites with buttons and visits these websites by itself, subscribing to paid services, without the users’ knowledge. Other variants detected include Trojan-Dropper.AndroidOS.Ubsod, Trojan-Banker.AndroidOS.Ubsod and Trojan-Clicker.AndroidOS.Xafekopy. ALSO READ: Mumbai man duped of Rs 1.97 crore by online scammers on Facebook

You can avoid getting victimized at the hands of malicious hackers by taking a few precautions. First, you should never install apps from unknown sources. Always stick to the official app stores and listings to install apps. In addition to that, you should also change your security settings to prevent automatic permission to install such apps. Lastly, you should periodically check all active services on your mobile number, including WAP subscriptions. If there is unwanted activity, disable it immediately.

  • Published Date: August 29, 2017 9:15 PM IST