![]() In conclusion, it was not one, but three surcharge text message that were needed to be sent in order to retrieve an “installation code”. Send a SMS with the text X10 to 81126 and you will receive a message with your installation code.” In the next step, input the second of the three required codes. When this code is written into the edit box, it is verified against the one in the configuration and a message box is displayed, stating that “The first code is valid. Let’s consider a scenario where the user sends a SMS message to retrieve the installation code. If the code is not written in the edit box, installation does not continue.Įxtracting the configuration file from the installer reveals some more interesting, and alarming details about the steps it’s taking and also the codes used in the process. It promises the user that an installation code will be delivered and the process can continue. ![]() The next step of the installation brings the user to a screen which states that in order for the application to be installed, a payment has to be made via a surcharge SMS to the number 81126. Upon execution, the application displays a welcome message and states it is an installer for “Mozilla Firefox 26.0”, the well-known, legitimate and free web-browser. The following information should help users understand the threat and offers some basic rules to avoid getting scammed this way. We have encountered this type of trickery among some malicious applications we have analyzed. This can be achieved via search engine optimization black hat tricks, methods widely used by the malware authors, via advertisements, spam and more. Third, they “promote” the application to potential victims. Second, they create a custom “pay-to-install” installer that implements the previous set payment service and either wraps the setup of the original software or downloads the legitimate application from a custom location when the payment is made. This varies, but includes online payment, bank transfer and surcharge SMS services. ![]() First, a payment method for use in the process is established. The malware author can launch his scheme with three simple steps. Even if the victim figures out they paid for something they could have gotten for free, the fraudster is not connected to the software and will be almost impossible to trace. They don’t even have to write a fake program that looks real.Īfter the application is paid for and installed, the user may never suspect anything because the application works as expected. The author does not need to spend the time and money to create a complex application which the user actually needs. This is a very attractive approach for cyber criminals. Recently, we have observed the rise of a new direct payment scheme where victims are tricked into paying to download freeware software. Cryptolocker malware, Rogue antiviruses or the newly discovered “pay for a freeware application” method.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |