Have you ever seen those.. whatcha call them? Mmm.. random images on a form when you sign up (or log in, register, do a password recovery or comment on a post) that tell you to type whatever you see in the image into the box? Yup! Those are CAPTCHAs, my friend.
So, what exactly is a CAPTCHA? And.. what does it have to do with an Android malware?
"Ah~ it's those type-in-what-you-see-in-the-image thingies?". Yup!
"It's also a security thing, right?". Correct~
A brief history about CAPTCHA..
CAPTCHA has been around since the year 2000. It is a term coined by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University. It stands for Completely Automated Public Turing Test To Tell Computers and Humans Apart. (Whew~ that indeed was a mouthful.)
CAPTCHAs are used to determine whether the user is a human or a bot.
Now, why am I talking about CAPTCHA?
Well, an Android trojan can now crack those babies. "WHAT?!", you say? You heard me. CAPTCHA can now be bypassed by a certain Android trojan. Namely, Android.Trojan.MKero.A.
This malware was first discovered in 2014. It was mainly distributed to users who were downloading apps through unverified sources, usually referred to as third-party marketplaces. But now, Bitdefender has reported that the malware has slipped through Google Play Store's Bouncer app scanning system and infected users.
The malware disguises itself as a legitimate game app, a typical malware trait. Once the user has installed the malicious app, the malware connects to a C&C (Command & Control) server. The C&C server sends the malware a URL that points to a target premium subscription, which the malware will then secretly sign the user up for.
To subscribe the user to a premium service, the target subscription page requires the user to verify themselves through a CAPTCHA. However, the malware does not want the user to find out about its malicious deeds. That's why the malware extracts the CAPTCHA image and sends it to an image-to-text recognition service via Antigate.com. When the malware receives the text of the CAPTCHA image, it proceeds to subscribe the user to the premium service.
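A defender-side view of the chain described above, as an added example that is not from the original article or from Bitdefender: a Python correlation over constructed proxy log lines that flags a client which fetches an image from a site, posts to the solving service, then posts back to the same site within a short window. The log format, the 120-second window and every host and path except antigate.com are assumptions.

```python
from collections import defaultdict

SOLVER_HOSTS = {"antigate.com"}  # solving service named in the article
WINDOW = 120                     # seconds; assumed correlation window

# Constructed proxy log lines: epoch client method host path response_type
SAMPLE_LOG = """\
1000 10.0.0.5 GET cnc.example /task text/plain
1003 10.0.0.5 GET sub.example /captcha.png image/png
1005 10.0.0.5 POST antigate.com /upload text/plain
1020 10.0.0.5 POST sub.example /subscribe text/html
1001 10.0.0.9 GET news.example /logo.png image/png
1030 10.0.0.9 POST news.example /comment text/html
2000 10.0.0.7 GET shop.example /captcha.png image/png
2500 10.0.0.7 POST antigate.com /upload text/plain
2510 10.0.0.7 POST shop.example /order text/html
"""

def parse(line):
    ts, client, method, host, path, ctype = line.split()
    return int(ts), client, method, host.lower(), path, ctype

def is_solver(host):
    # Match the solver domain itself or any subdomain, not look-alike names.
    return any(host == h or host.endswith("." + h) for h in SOLVER_HOSTS)

def find_relayed_captchas(log_text):
    """Return sorted (client, target_host) pairs that show the full chain."""
    images = defaultdict(dict)   # client -> {host: time of last image fetch}
    relayed = defaultdict(dict)  # client -> {host: time of solver upload}
    hits = set()
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, client, method, host, path, ctype in events:
        if method == "GET" and ctype.startswith("image/") and not is_solver(host):
            images[client][host] = ts
        elif method == "POST" and is_solver(host):
            # Any image fetched shortly before the upload is a relay candidate.
            for src, seen in images[client].items():
                if ts - seen <= WINDOW:
                    relayed[client][src] = ts
        elif method == "POST":
            sent = relayed[client].get(host)
            if sent is not None and ts - sent <= WINDOW:
                hits.add((client, host))
    return sorted(hits)

if __name__ == "__main__":
    for client, host in find_relayed_captchas(SAMPLE_LOG):
        print(f"{client}: image from {host} relayed to a solver, then form posted")
```

Only the first client is flagged: the second never contacts the solving service, and the third uploads long after the image fetch, outside the window.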
Image and Article Refs: http://news.softpedia.com/news/android-malware-secretly-subscribes-victims-to-premium-sms-services-491264.shtml and http://www.hotforsecurity.com/blog/sophisticated-capcha-bypassing-malware-found-in-google-play-according-to-bitdefender-researchers-12616.html