Security researchers Check Point they discovered one new Android malware, used in attacks against users in Southeast Asia (mainly). The new malware is called WAPDropper and right now distributed through malicious applications hosted in third-party application stores.
Check Point said that when the WAPDropper malware infects a user, begins to registers for premium phone numbers which generate large charges for various types of services.
The result is that infected users get older accounts each month until they are unsubscribed from the premium services or report the issue to their mobile service provider.
This attack is known as "WAP fraud”And was very popular in the late 2000s and early 2010s. It disappeared with the rise of smartphones, but returned when Malware creators realize that many modern phones and telecommunications support the older WAP standard.
The WAPDropper gang is likely to be based in Asia
"It's just a number game: the more calls you make with premium services, the more revenue is generated for those behind services. Everyone wins, except the victims of fraud".
As for the malware itself, Check Point says that WAPDropper works with two different modules. The first is one dropper, while the second is key component that carries out WAP fraud.
After downloading and installing the malware in one device, the dropper downloads the second component. Thus begins the fraud.
Check Point researchers warn that the malware can later be used to install other malware.
This type of multi-function dropper is secretly installed on a user's phone and then downloads other malware"These" dropper "trojans accounted for almost half of all mobile malware attacks between January and July 2020," said Aviran Hazum, a Check Point researcher.
"I expect the trend to continue in the new year", He even said and stressed that the users it must to download apps only from the official Google Play Store.
The Check Point research team said they have now found WAPDropper malware in applications called "af," "dolok", an email application called "Email" and a children's toy called "Awesome Polar Fishing" . The users who have downloaded these applications from stores outside Play Store, must remove them from the Appliances as soon as possible.