Security researchers have discovered a new type of Android malware that is currently being distributed in the wild, primarily targeting users located in Southeast Asia.
Discovered by security firm Check Point, this new malware is named WAPDropper and is currently spreading through malicious applications hosted on third-party application stores.
Check Point said that once the malware infects a user, it starts registering them for premium phone numbers that charge large fees for various types of services.
The end result is that all infected users receive large phone bills each month until they unsubscribe from the premium number or report the problem to their mobile operator.
This type of tactic, known as “WAP fraud”, was very popular in the late 2000s and early 2010s. software realized that many modern phones and phones still supported the older WAP standard.
The WAPDropper gang is most likely based in Southeast Asia
Check Point says that, based on the premium phone numbers used in this scheme, the malware authors are likely to be based in, or collaborating with someone in, Thailand or Malaysia.
“In this and a similar scheme, hackers and owners of premium numbers either cooperate or may even be the same group of people,” the company said in a report today.
“It’s just a numbers game: the more calls you make using top-notch services, the more revenue you generate for those behind the services. Everyone wins, except the unfortunate victims of the fraud.”
As for the malware itself, Check Point says that WAPDropper works using two different modules. The first is known as a dropper, while the second module is the component that performs the actual WAP fraud.
The first module is the only one packaged in the malicious applications, primarily to reduce the size and fingerprint of any malicious code in them. Once the applications have been downloaded and installed on the device, this module fetches the second component and starts defrauding the victims.
But Check Point also wants to raise the alarm about this particular piece of malware.
“At the moment, this malware is falling premium, but in the future this burden may change to drop what the attacker wants,” Aviran Hazum, a mobile research manager at Check Point, told ZDNet.
“This kind of multifunctional ‘dropper’, which is secretly installed on a user’s phone and then downloads further malware, was a key trend of mobile infection that we saw in 2020. attacks between January and July 2020, with combined infections in the hundreds of millions globally.
“I expect the trend to continue as we turn the new year around,” Hazum added.
The Check Point researcher encouraged users to download applications only from the official Google Play Store.
The Check Point team also told ZDNet that they have so far found WAPDropper malware in applications called “на” and “mountain”, an email application called “Email”, and a children’s game named “Wonderful polar fishing”. Users who have installed any of these apps outside of the Play Store are advised to remove them from their devices as soon as possible.