Russian malware is able to bypass CAPTCHA inputs, Kaspersky report claims
Long heralded as the main avenue of protection against cybercriminals trying to steal personal details, CAPTCHA security systems may not be a reliable failsafe after all.
Kaspersky Lab has uncovered evidence of a Trojan that has developed a technique to convince CAPTCHA it is a person in order to subscribe thousands of infected Android users to premium-rate services.
Called Podec, it has so far mainly been seen in Russia, targeting Android device users primarily through the country’s popular social network, VKontakte, and signing them up to premium-rate services.
First detected in late 2014 and updated since then, Podec automatically forwards CAPTCHA requests to a real-time online human translation service that converts the image to text. The service, Antigate.com, uses image-to-text recognition software to recognise the CAPTCHA text in a matter of seconds, with the details then relayed back to the malware code to proceed with its execution.
Users are first drawn in to Podec by downloading supposedly cracked versions of popular computer games such as Minecraft Pocket Edition, which appear on VKontakte group pages.
Upon infection, the malware requests administrator privileges that, once granted, make it impossible to delete or halt the execution of the malware. Podec is also able to protect itself from detection using obfuscation and an “expensive legitimate code protector” to prevent any analysis of its code.
Podec can also bypass the Advice on Charge system, which notifies users about the price of a service and requires authorisation before payment.
“Podec marks a new and dangerous phase in the evolution of mobile malware. It is devious and sophisticated,” said Victor Chebyshev, non-intel research group manager at Kaspersky Lab.
“The social engineering tools used in its distribution, the commercial-grade protector used to conceal the malicious code and the complicated process of extortion achieved by passing the CAPTCHA test – all lead us to suspect that this Trojan is being developed by a team of Android developers specialising in fraud and illegal monetisation. It is clear that Podec is being further developed, possibly with new targets and goals in mind and we urge users to be wary of links and offers that sound too good to be true.”