Internet related News · 2015-03-12

Kaspersky captures 1st malware to outwit CAPTCHA image recognition

Anti-virus firm Kaspersky claims to have discovered the 1st malware to have successfully outwitted the CAPTCHA image recognition system.

In an article on its Website, Kaspersky Lab’s security analysts reported that Trojan-SMS.AndroidOS.Podec had developed a technique to convince CAPTCHA it was a person in order to subscribe thousands of infected Android users to premium-rate services.

First detected in late 2014 & updated since then, Podec automatically forwards CAPTCHA requests to a real-time Online human translation service that converts the image to text. It can also bypass the Advice on Charge system, which notifies users about the price of a service & requires authorization before payment. The Trojan’s goal is to extort money from victims via premium-rate services.

According to data collected with the help of the Kaspersky Security Network, Podec targets Android device users primarily through Russia’s popular social network, VKontakte (VK, vk.com). Other sources discovered by Kaspersky Lab include domains with the names of Apk-downlad3.ru & minergamevip.com. Most victims to date have been detected in Russia & surrounding countries.

Infection generally occurs through links to supposedly cracked versions of popular computer games such as Minecraft Pocket Edition. These links appear on group pages & victims are drawn in by the lack of cost & what appears to be a far lower file size for the game when compared to the legitimate version. Upon infection, the Podec malware requests administrator privileges that, once granted, make it impossible to delete or halt the execution of the malware.

Podec is a very sophisticated Trojan, said Kaspersky, & there is evidence that significant time & investment has gone into its development.

Its solution for successfully passing CAPTCHA is particularly inventive. CAPTCHA image recognition requests are increasingly added to Online forms to ensure the request is submitted by a person & not automated software. Podec passes CAPTCHA by redirecting the CAPTCHA processor to an Online image-to-text recognition service, Antigate.com. Within seconds the text from the CAPTCHA image is recognized by a person & the details are relayed back to the malware code, which can then proceed with execution.

“Podec marks a new and dangerous phase in the evolution of mobile malware. It is devious and sophisticated. The social engineering tools used in its distribution, the commercial-grade protector used to conceal the malicious code and the complicated process of extortion achieved by passing the CAPTCHA test – all lead us to suspect that this Trojan is being developed by a team of Android developers specializing in fraud and illegal monetization. It is clear that Podec is being further developed, possibly with new targets and goals in mind and we urge users to be wary of links and offers that sound too good to be true,” said Victor Chebyshev, Non-Intel Research Group Manager at Kaspersky Lab.
