IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

WAPDropper malware hooks you up to premium telecoms services

Hackers have incorporated machine learning into a strain that subscribes victims to legitimate services provided by telecoms firms

A newly discovered malware strain has been identified in the wild that unwittingly registers victims for premium services provided by legitimate telecoms firms. 

Named WAPDropper, the malware downloads and executes a payload, dropping a wireless application protocol (WAP) premium dialer which subscribes its victims to premium services in Thailand and Malaysia without their knowledge or consent.

The malware strain comprises two separate modules, according to Check Point Research, including a dropper module responsible for downloading the second-stage malware, and a premium dialer module that is responsible for the subscription element. 

This campaign identified by the researchers subscribes users to premium services offered by legitimate telecoms providers in Thailand and Malaysia.  

The scheme is centred on making calls to premium-rate numbers, which will, in turn, generate profit for the cyber criminals who collaborate with the owners of these particular phone numbers.

After the application is first installed on a device using third-party app stores, WAPDropper contacts the command and control server and receives the payloads to execute. This first payload is the premium dialer module, which opens a tiny web window and contacts premium services. 

Once WAPDropper opens the landing pages, it’ll attempt to subscribe the victim to these services. Alarmingly, the process includes a mechanism that can bypass the CAPTCHA security requirement, which must be overcome to complete a transaction. 

Related Resource

How cyber attack simulations differ from penetration tests and vulnerability scanning

Exploring the Cymulate Edge

It’s at this stage that the operators deploy the services of Super Eagle, a Chinese firm that offers a machine learning tool for image recognition. When the malware submits the verification code image to the service, the platform returns the coordinate position of the recognition result in the image, then parses the coordinate simulation landing.

The malware also attempts to avoid detection by hiding its icon to prevent users from spotting it on their device and uninstalling the app. The malware also performs checks to determine whether the victim is using a proxy or virtual private network (VPN). 

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022