WAPDropper Malware Signs Users Up For Expensive Subscriptions. Researchers at Check Point have recently discovered a new malware threat that targets mobile device users. WAPDropper is a multi-function bit of code capable of outfitting with a variety of payloads. At present, the hackers controlling WAPDropper have seen fit to include a premium dialer module, which gives the code the ability to sign users up for a wide range of paid premium services once there is an infection in the device.
If you’re unfortunate enough to wind up with this WAPDropper malware strain on your device, the first thing WAPDropper will do will be to gather information about your device.
The data it steals includes:
- Device ID
- Mac Address
- Your Subscriber ID
- The make and model of your device
- A list of all the apps you have installed
- A list of all services that are running
- The topmost activity package name
- Whether or not the screen is on
- Whether or not notifications for each app is enable
- Whether or not each installed app can draw overlays
- How much free storage space you’ve got
- And the total amount of RAM the device has, and how much RAM is currently available
Once the hackers have the information, the malware will then reach out to its Command and Control server and relay those details back to the hackers. WAPDropper malware will download and install the premium dialer and sign up users for expensive subscriptions.
Many premium based services rely on image-based CAPTCHA challenges, and WAPDropper’s malware design is to get around those via machine learning routines built into the code.
This WAPDropper’s malware is a highly advanced and competent strain that makes the user rack up hefty monthly charges without even realizing it until you receive the first month’s bill. If there’s a silver lining here, it lies that the campaign is only targeting victims in Malaysia and Thailand. That, at least for the moment, makes it somewhat limited in scope.
That’s small consolation for people living in those regions, of course, and that could change at any time. So this is a threat to be aware of, especially if you live, work, or travel in the areas where it’s currently operational.
