Secret monthly fee

Issue 2 2022 Cyber Security

With an ever-growing number of smartphone users, the development of mobile applications has become a booming industry. Today there are millions of apps, helping users with almost every aspect of their everyday life from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and benefit from unsuspecting users.

Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various mobile apps, including popular games, healthcare apps and photo editors. Most of these Trojans request access to the user’s notifications and messages, so that the fraudsters can then intercept messages containing confirmation codes.

Users aren’t knowingly subscribing to these services but are, rather, falling victim to carelessness. For instance, a user fails to read the fine print and before they know it, they’re paying for a horoscope app. These victims often don’t realise these subscriptions exist until their mobile phone account runs dry earlier than expected.

According to Kaspersky researchers, the most widespread Trojans that sign users up to unwanted subscriptions are:

Jocker: Trojans from the Trojan.AndroidOS.Jocker family can intercept codes sent in text messages and bypass anti-fraud solutions. They're usually spread on Google Play, where scammers download a legitimate app from the store, add malicious code to it and then re-upload it under a different name. In most cases, these trojanised apps fulfil their purpose and the user never suspects that they’re a source of threat.

MobOk: MobOk is considered the most active of the subscription Trojans with more than 70% of mobile users encountering these threats. The MobOk Trojan is particularly notable for a capability that, in addition to reading the codes from messages, enables it to bypass CAPTCHA. MobOk does this by automatically sending the image to a service designed to decipher the code shown.

Vesub: The Vesub Trojan is spread through unofficial sources and imitates popular games and apps, such as GameBeyond, Tubemate, Minecraft, GTA5 and Vidmate. This malware opens an invisible window, requests a subscription and then enters the code it intercepts from the victim’s received text messages. After that the user is subscribed to a service without their knowledge or consent.

Most of these apps lack any legitimate functionality. They subscribe users as soon as they are launched while victims just see a loading window. However, there are some examples, such as a fake GameBeyond app, where the detected malware is actually accompanied by a random set of functional games.

GriftHorse.l: Unlike the Trojans mentioned above, this one does not subscribe victims to a third-party service – instead it uses its own. Users end up subscribing to one of these services by simply not reading the user agreement carefully. For example, there are apps that have recently spread intensively on Google Play, offering to tailor personal weight-loss plans for a token fee. Such apps contain small print mentioning a subscription fee with automatic billing. This means money will be deducted from the user's bank account on a regular basis without needing any further confirmation from the user.

“Apps can help us stay connected, fit, entertained and generally make our lives easier. There are multiple mobile apps appearing every day, for every taste and purpose – unfortunately, cybercriminals are using this to their advantage. Some of the apps are designed to steal money by subscribing users to unwanted services. These threats are preventable, which is why it’s important to be aware of the signs that give away trojanised apps. Even if you trust an app, you should avoid granting it too many permissions. Only allow access to notifications for apps that need it to perform their intended purposes, for example, to transfer notifications to wearable devices. Apps for something like themed wallpapers or photo editing don't need access to your notifications,” comments Igor Golovin, security expert at Kaspersky.
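The permission advice above can be checked on a device. The following is an added example, not code from Kaspersky or the original article: it parses the Android secure setting `enabled_notification_listeners` (readable with `adb shell settings get secure enabled_notification_listeners`) and flags apps holding notification access that are not on an allowlist, rating them higher when they also request SMS permissions. The package names, permission map and allowlist are constructed sample data.

```python
"""Audit which Android apps hold notification-listener access (added example)."""

# Constructed sample: value of the secure setting `enabled_notification_listeners`,
# a colon-separated list of "package/class" components. Package names are hypothetical.
SAMPLE_LISTENERS = (
    "com.example.wearsync/com.example.wearsync.NotifyBridge:"
    "com.example.photofx/.PushReader:"
    "com.example.wallpapers/com.example.wallpapers.svc.Listener"
)

# Constructed sample: permissions requested by each package (hypothetical data,
# of the kind that can be collected per package with `adb shell dumpsys package`).
SAMPLE_PERMS = {
    "com.example.wearsync": ["android.permission.BLUETOOTH_CONNECT"],
    "com.example.photofx": ["android.permission.CAMERA",
                            "android.permission.RECEIVE_SMS"],
    "com.example.wallpapers": ["android.permission.SET_WALLPAPER"],
}

# Permissions that let an app read confirmation codes sent by text message.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}


def parse_listeners(value):
    """Return the sorted package names that hold notification-listener access."""
    packages = set()
    for component in value.strip().split(":"):
        component = component.strip()
        if not component or component == "null":  # setting unset or empty
            continue
        package, sep, cls = component.partition("/")
        if sep and package and cls:  # skip malformed entries
            packages.add(package)
    return sorted(packages)


def audit(listeners_value, perms_by_package, allowlist):
    """Flag listener apps outside the allowlist; 'high' if they can also read SMS."""
    findings = []
    for package in parse_listeners(listeners_value):
        if package in allowlist:
            continue  # e.g. a wearable companion that needs notifications
        requested = set(perms_by_package.get(package, ()))
        severity = "high" if requested & SMS_PERMS else "review"
        findings.append((package, severity))
    return findings


if __name__ == "__main__":
    for package, severity in audit(SAMPLE_LISTENERS, SAMPLE_PERMS,
                                   allowlist={"com.example.wearsync"}):
        print(f"{severity:6} {package}")
```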

Learn more at www.kaspersky.co.za

