Cybercriminals have found a new way to steal money from mobile phone owners. Through the old mobile internet billing method, these criminals are able to let out Trojans that can make users subscribe to paid services without their knowledge.
Mobile internet billing, previously known as WAP billing, is a payment method to buy contents on websites that charge directly on a mobile phone bill. Unlike debit and credit card payments, mobile internet billing does not require users to register for a service.
Trojans steal money
A number of known Trojans have been discovered being used by cybercriminals to siphon off cash from mobile phone users, particularly on Android. According to a recent report from Kaspersky Lab, mobile internet billing has become a favourite zone for abusive cybercriminals as these Trojans began to show up more frequently than usual in the second quarter of 2017.
"The amenities of WAP billing have been actively abused by cybercriminals, who have started adding to their malware the ability to open Web pages that have WAP billing and click buttons that initiate payments while the user suspects nothing", writes Kaspersky Lab's John Snow in an article.
Trojans at large
The security software company has pinned down the Ubsod family as one of the most notable Trojans that has learned to exploit mobile internet billing. One strain is detected as Trojan-Clicker-AndroidOS.Ubsod, which works from a command-and-control server wherein it takes the URL addresses of websites with buttons and visits these websites by itself later to subscribe victims to any paid services.
Other variants detected are Trojan-Dropper.AndroidOS.Ubsod, Trojan-Banker.AndroidOS.Ubsod and Trojan-Clicker.AndroidOS.Xafekopy, which all do almost similar to the first one.
Snow has suggested a couple of things to protect mobile phone owners from getting scammed by these cybercriminals. First, do not install apps from unknown sources. Tweak security settings to prevent automatic permission to install these.
Second, check all active services, especially WAP subscriptions. There might be unwanted subscriptions in there. Make sure to disable them if subscribed.