Sharp Daily
No Result
View All Result
Sunday, May 11, 2025
  • Home
  • News
    • Politics
  • Business
    • Banking
  • Investments
  • Technology
  • Startups
  • Real Estate
  • Features
  • Appointments
  • About Us
    • Meet The Team
Sharp Daily
  • Home
  • News
    • Politics
  • Business
    • Banking
  • Investments
  • Technology
  • Startups
  • Real Estate
  • Features
  • Appointments
  • About Us
    • Meet The Team
No Result
View All Result
Sharp Daily
No Result
View All Result
Home Technology

How Scammers Subscribe Mobile Users To Unwanted Paid Services

Editor SharpDaily by Editor SharpDaily
May 6, 2022
in Technology
Reading Time: 4 mins read
Scammers

Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various different mobile apps, including popular games, healthcare apps and photo editors. [Photo/ Courtesy]

With an ever-growing number of smartphone users, the development of mobile applications has become a booming industry. Today there are millions of apps, helping users with almost every aspect of their everyday life – from entertainment to banking and billing. With this in mind, cybercriminals are working hard to develop their own apps and benefit from unsuspecting users.

Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various different mobile apps, including popular games, healthcare apps and photo editors. Most of these Trojans request access to the user’s notifications and messages, so that the fraudsters can then intercept messages containing confirmation codes.

Users aren’t knowingly subscribing to these services but are, rather, falling victim to carelessness. For instance, a user fails to read the fine print and, before they know it, they’re paying for a horoscope app. These victims often don’t realise these subscriptions exist until their mobile phone account runs dry earlier than expected.

Read: TechnoServe Strengthening African Processors Of Fortified Foods

RELATEDPOSTS

Kenyatta University VC warns against scammers targeting the bereaved

March 25, 2024
Iphone 14

Kaspersky Issues Warning To iPhone 14 Buyers

September 13, 2022

According to Kaspersky researchers, the most widely spread Trojans that sign users up to unwanted subscriptions are:

Jocker

Trojans from the Trojan.AndroidOS.Jocker family can intercept codes sent in text messages and bypass anti-fraud solutions. They’re usually spread on Google Play, where scammers download a legitimate app from the store, add malicious code to it and then re-upload it under a different name. In most cases, these trojanised apps fulfill their purpose and the user never suspects that they’re a source of threat.

So far in 2022, Jocker has most frequently attacked users in Saudi Arabia (21.20%), Poland, (8.98%) and Germany (6.01%).

Examples of apps that spread Jocker Trojan and sign users up to unwanted subscriptions
Examples of apps that spread Jocker Trojan and sign users up to unwanted subscriptions

MobOk

MobOk is considered the most active of the subscription Trojans with more than 70% of mobile users encountering these threats. MobOk Trojan is particularly notable for an additional capability that, in addition to reading the codes from messages, enables it to bypass CAPTCHA. MobOK does this by automatically sending the image to a service designed to decipher the code shown.

Read: Safaricom Eyes More Through Tech Solutions For Enterprises

Since the beginning of the year, MobOk Trojan has most frequently attacked users in Russia (31.01%), India (11.17%) and Indonesia (11.02%).  

Vesub

Vesub Trojan is spread through unofficial sources and imitates popular games and apps, such as GameBeyond, Tubemate, Minecraft, GTA5 and Vidmate. This malware opens an invisible window, requests a subscription and then enters the code it intercepts from the victim’s received text messages. After that the user is subscribed to a service without their knowledge or consent.

Examples of fake apps used by Vesub
Examples of fake apps used by Vesub

Most of these apps lack any legitimate functionality. They subscribe users as soon as they are launched while victims just see a loading window. However, there are some examples, such as a fake GameBeyond app, where the detected malware is actually accompanied by a random set of functional games.

Two out of five users who encountered Vesub were in Egypt (40.27%). This Trojan family has also been active in Thailand (25.88%) and Malaysia (15.85%).

Read: Tech Impact On Real Estate In Africa

GriftHorse.l

Unlike the Trojans mentioned above, this one does not subscribe victims to a third-party service – instead it uses its own. Users end up subscribing to one of these services by simply not reading the user agreement carefully. For example, there are apps that have recently spread intensively on Google Play, offering to tailor personal weight-loss plans for a token fee. Such apps contain small print mentioning a subscription fee with automatic billing. This means money will be deducted from the user’s bank account on a regular basis without needing any further confirmation from the user.

“Apps can help us stay connected, fit, entertained and generally make our lives easier. There are multiple mobile apps appearing every day, for every taste and purpose – unfortunately, cybercriminals are using this to their advantage. Some of the apps are designed to steal money by subscribing users to unwanted services. These threats are preventable, which is why it’s important to be aware of the signs that give away Trojanised apps. Even if you trust an app, you should avoid granting it too many permissions. Only allow access to notifications for apps that need it to perform their intended purposes, for example, to transfer notifications to wearable devices. Apps for something like themed wallpapers or photo editing don’t need access to your notifications,” comments Igor Golovin, security expert at Kaspersky.

Read: Sanlam, Allianz Merge To Form African Insurance Giant

To stay protected, Kaspersky experts also recommend:

  • Keeping your guard up when installing apps from Google Play. Read the reviews, research the developer, terms of use and payment details. For messaging, choose a well-known app with positive reviews.
  • Checking the permissions of the apps you’re using and thinking carefully before granting additional permissions.
  • Using a reliable security solution to help detect malicious apps and adware before they achieve their goals.
  • Updating your operating system and any important apps as and when updates become available. Many safety issues can be solved by installing the updated versions of software.

Read: CMA Forced To Relax Rules As Firms Shun The Bourse

Previous Post

Sectors That Created Most Jobs In 2021 – KNBS

Next Post

Deceased Kenyans Leave Ksh2 Billion In Their M-Pesa Wallets

Editor SharpDaily

Editor SharpDaily

The latest in business, real estate, education, investments, tech and entrepreneurship, brought to you daily. Reach us through thesharpdaily@gmail.com

Related Posts

Technology

AI in Kenyan enterprises: 2025 trends and challenges

April 30, 2025
Technology

Investing in Kenya’s fast-growing education sector

December 16, 2024
Technology

Harnessing technology to tackle Kenya’s youth joblessness

December 13, 2024
Folder with close up on the word claims and a note where it is written under investigation. Concept of insurance fraud, 3d Illustration
Technology

Inside the growing threat of high-tech insurance fraud in 2024

November 4, 2024
Technology

Roam Air completes 6,000 km solar-powered journey across Africa

October 17, 2024
Technology

Starlink captures 0.5% of Kenya’s broadband market in rapid expansion

October 15, 2024

LATEST STORIES

Mothers who move us

May 9, 2025
Agriculture And Economy

Lets get Kenya out of FATF list

May 9, 2025

Stanbic bank Kenya posts 16.6% profit decline in Q1 2025

May 9, 2025

Regulatory hurdles hampering transition to electric motorcycles

May 9, 2025

A magical birthday at the springs

May 8, 2025

PSG defeat arsenal to reach Champions League final

May 8, 2025

The hidden risks of family-owned companies

May 8, 2025

Tackling Kenya’s housing crisis with affordable solutions

May 8, 2025
  • About Us
  • Meet The Team
  • Careers
  • Privacy Policy
  • Terms and Conditions
Email us: editor@thesharpdaily.com

Sharp Daily © 2024

No Result
View All Result
  • Home
  • News
    • Politics
  • Business
    • Banking
  • Investments
  • Technology
  • Startups
  • Real Estate
  • Features
  • Appointments
  • About Us
    • Meet The Team

Sharp Daily © 2024