The versatile multi-function ‘dropper’ malware can be modified to do more than the current damage to Malaysia and Thailand users.

A threat campaign using never-before-seen, multi-functional malware has been discovered in South-east Asia.

The malware signs up Android users, without consent, to premium services provided by telecoms packages in Thailand and Malaysia.

The attack flow begins with an Android user downloading an infected app from an app store or website. The malware then contacts its Command and Control (C&C) server to download a premium-rate dialer module and signs the user up for premium services on telco websites.

To bypass security challenges such as CAPTCHAs in the telco services registration process, the malware uses the services of ‘Super Eagle’, a Chinese company that offers a machine learning solution for image recognition.

A rising malware star for 2021

The new malware, called WAPDropper, also has the ability to download and execute additional malware on the infected device. This type of multi-function ‘dropper’, which stealthily installs onto a user’s phone and then downloads further malware, is the most common type of mobile infection seen in 2020. These ‘dropper’ trojans represented nearly half of all mobile malware attacks between January and July, with combined infections in the hundreds of millions globally.

The hackers and the owners of the premium-rate numbers are either co-operating or could even be the same group of people. It is simply a numbers game: the more calls made using the premium-rate services, the more revenue is generated for those behind the services. Everybody wins, except the unfortunate victims of the scam.

According to Aviran Hazum, Manager of Mobile Research, Check Point Software Technologies—the firm that announced the discovery: “WAPDropper is truly multi-functional. Right now, this malware drops a premium dialer, but in the future this payload can change to drop whatever the attacker wants. This type of multi-function ‘dropper’ has been a key mobile infection trend we’ve seen in 2020. I expect the trend to continue as we turn the new year.”

Readers are strongly urged to download apps only from official app marketplaces; even those are no guarantee of security unless mobile phone safety best practices are also followed.