How Trojans steal money using WAP

by Jake Doevan - -

Wireless Application Protocol, also known as WAP, allows consumers to connect to the Internet immediately via mobiles. So, WAP is pretty much a basic pretext for mobile Internet.

Trojan attacks

Back in the day, when mobile phones just started to transmit information, WAP allowed to access those little websites that could expose mostly texts.

Even though today’s consumers practically forgot about WAP, there are some individuals who still exploit it. WAP billing is one of the mechanism supported by WAP, which people still use. It enables consumers to purchase right from their mobile accounts.

Cybercriminals generate profit via WAP billing

WAP billing contains a few problems:

  • Transparency. Even though WAP billing should expose consumers what they are purchasing and the total price of the purchase, the practices could vary.
  • Complicated refunds due to the three parties that appear during transaction: the content provider, the mobile carrier and the payment service provider.
  • Payments are made without bank cards. When it comes to other scams, users are trapped to provide their credit card information. However, with WAP scam you don’t even require to have a credit card, only the access to your mobile account.

It is worth mentioning that the WAP scam looks similar as premium-rate SMS messages, and malware that uses WAP billing is not as complex as Trojans, which send those premium-rate text messages. As a result, cybercriminals and hackers do not even require to teach these viruses to gain access to text messages. Instead, these Trojans are available to stay under the radars without any permission to access the features.

Trojans know how to use WAP billing

Cybercriminals have been heavily using the conveniences of WAP billing. These criminals have begun adding to their malware creation features that enable them to open pages with WAP Billing and click buttons that set up payments secretly.

The malware selection that is recognized as Trojan-Clicker_AndroidOS.Ubsod is a good example of these Trojans. This Trojan is capable to redeem the URL addresses from a command-and-control server (C&C) and click the buttons on that website to subscribe to numerous paid offers.

In addition, this Trojan is prepared to access and delete all the texts messages that contain the text “ubscri” or “одпи” (or “подписка”, which means “subscription” in Russian), because the subscriber usually gets a notification via an SMS message when the subscription is confirmed. The Ubsod family is also capable to switch a mobile phone on mobile data by turning off the Wi-Fi, because WAP billing can’t work on Wi-Fi and requires the victim to be connected through mobile data to make subscriptions.

Similarly, another Trojan works by the same principle but is also capable to unload the files and start them. The third Trojan-Dropper.AndroidOS.Ubsod is empowered to do everything what another two can do and is also trained to overlay banking services and apps by phishing windows, expose ads, manage commands, and send text messages.

Trojan-Clicker.AndroidOS.Xafekopy is another popular Trojan that usually pretends to be a battery optimizer app for mobiles. Even though this Trojan looks innocent and its UI also does not appear to be malicious, the malware clicks via WAP billing URLs and ads URLs – a couple of methods are implemented to make money.

There is a possibility that you won’t notice that the Trojan is stealing your money from your mobile account before it is all gone.  So, do not forget a good security solution for your mobile device!

What you can do to protect your mobile account:

  1. Do not allow any installations from unknown sources. Trojans might be distributed through ads, and this block won’t allow to install them on your phone.
  2. Check out your mobile carrier self-service portal to find out if you are subscribed to something you don’t want.
  3. Get trusted mobile security software for Android. The security solution will detect and neutralize Trojans mentioned in this article. You can either consider a free or a paid version.

About the author

Jake Doevan
Jake Doevan - Computer security guru

Jake Doe is a security expert and news editor of His major is Communication and Journalism, which he obtained from the Washington and Jefferson College.

Contact Jake Doevan
About the company Esolutions

now online
Like us on Facebook