Specialists of “Kaspersky Lab” found a new SMS-Trojan called Podec, which through secret subscribe to paid services steal money from the owners of devices running the operating system Android.
Also feature of this virus is that it is able to bypass the security mechanism CAPTCHA, which protects real users from bots. Researchers report that the main venue of the virus is a popular social network “VKontakte”.
Podec sends messages to short numbers, correctly answering requests confirmation of payment services, and signed by an infected device to paid services, bypassing the CAPTCHA.
The largest number of attempts to infect, which is about 4000 unique users registered company in Russia, and is followed by Kazakhstan and Ukraine, where the figure is around 300 people in each of the two countries. Attackers use a special group in the social network “VKontakte” where users offer free download cracked versions of popular applications which came with the virus itself. After installation, Podec requests administrative rights to the user or security applications could not remove it. If the owner of the device fails, the request will appear as long as there is not accepted. In this case, to operate the unit has become impossible.
Once a careless user gave the desired virus right, he immediately moves into his “work”, which depends on the preset hackers. Among the options is known about DDoS-attacks and subscription to premium services without the consent of the owner of the device. It is worth noting that such services usually used defense mechanism CAPTCHA, which sift malicious applications, but developers of Podec found a way around it. Employees of “Kaspersky Lab” found that hackers use the services of the service Antigate.com, designed for manual text recognition in images. The user learns that he became a victim of fraud only after his account has been robbed of funds.
The specialists have compared different versions Podec and assure that its developers are constantly improve it by adding new features, some of which are not even involved. This means that users will soon be waiting for a more dangerous version of the virus.