Kaspersky Lab researchers have discovered mobile Trojan clickers that steal money from Android users through WAP billing. The trend is becoming common, with thousands of affected users in different countries across the globe.
Wireless Application Protocol (WAP) billing has been widely used by mobile network operators for paid services and subscriptions for many years. This form of mobile payment charges costs directly to the user’s mobile phone bill, without the need for bank card registration or a sign-up process. A user is usually redirected via a button to a different web page, where a range of additional services is offered.
By clicking on the button, the user activates a subscription, and their mobile account is charged. In the current threat scenario, all of these actions can easily be carried out by a Trojan, which operates in secret and clicks through every page by itself. In addition, because connecting to a WAP-billing service requires only a simple registration of domains in a mobile operator’s billing system, fraudsters can link their websites to it relatively easily. As a result, money from a victim’s account flows directly to the hackers’ accounts.
“We haven’t seen these types of Trojans for a while. The fact that they have become so popular lately might indicate that cybercriminals have started to use other verified techniques, such as WAP-billing, to exploit users. Moreover, a premium rate SMS Trojan is more difficult to create. It is also interesting that malware has targeted mainly Russia and India, which could be connected to the state of their internal, local telecoms markets. However, we have also detected the Trojans in South Africa and Egypt”, says Roman Unuchek, security expert at Kaspersky Lab.