Weaponized Apps Found in Google Play Store
Researchers from Bitdefender have discovered a large number of applications in the Google Play Store which have been weaponized with a virus known as Android.Trojan.MKero.A. The virus in question surreptitiously subscribes users to premium SMS services which are paid for from the user’s mobile phone account, thereby monetizing the virus for cyber criminals. The researchers discovered seven applications which were able to bypass Google Bouncer, the in-house automated security system implemented in the Play Store to block malicious applications uploaded to the marketplace:
- irontubegames.tower3d
- likegaming.rd
- likegaming.gtascs
- likegaming.rcdtwo
- likegaming.rcd
- likegaming.ror
- uberspot.a2048mk
A notable aspect of the Trojan infection is that it bypasses the CAPTCHA authentication systems required to subscribe to premium SMS services and, thus, ensure that a human being is performing such a transaction and not an automated system or bot (the acronym stands for "Completely Automated Public Turing test to tell Computers and Humans Apart"). Typical CAPTCHA technology requires you to identify alphanumeric characters inside of an image and enter the information into a form. In this case, the criminals responsible for the Trojan outsourced the CAPTCHA recognition aspect of this exploit to Antigate.com, a company that utilizes workers from developing countries to complete large volumes of CAPTCHA requests through a proprietary system.
According to Bitdefender, “Among Google Play apps that disseminate the Trojan, two have between 100,000 and 500,000 installs each, raising the potential victim count to staggering numbers.” As the trojan is intended to act surreptitiously, victims would likely be unaware of the infection without verifying their phone bills and even then, a single payment for a premium service may not arouse suspicion. According to IBM, the current rate of infections for mobile devices is equal to PC infection rates, “signifying that cybercriminals are shifting their resources and attention to the mobile channel.”