How Trojans steal money from our smartphones

Some Trojans target users with the sole purpose of signing them up for subscription services. Here's how victims are scammed.

Smartphones are often affected by Trojan horses, deceptive malware that primarily targets user data. Generally, using a variety of strategies, Trojans try to get hold of banking credentials or to sign victims up for subscription services.

Malware in this category mainly affects mobile devices, especially those running Android, where it is easier to install apps from unknown sources. Apps installed from unofficial and alternative markets are precisely one of the main Trojan vectors. Kaspersky recently discovered, for example, a new version of Svpeng, a Trojan with keylogging techniques. As time goes by, Trojan horses for smartphones have become more and more dangerous: they use sophisticated systems to sneak into devices and steal money from victims, often acting undisturbed.

Trojans and WAP Billing

Do you remember when, long before smartphones arrived, some cell phones could connect to the network using WAP, short for Wireless Application Protocol? What does WAP have to do with Trojans? You'll understand in a moment.

Some of the services offered by websites, especially the paid ones, still use the WAP protocol. In this case we talk about WAP Billing. The term is often used to describe subscription services that the user has not asked for, and which were activated because he or she inadvertently touched a banner artfully created by fraudsters.

Trojans have learned to steal money from their victims by exploiting WAP Billing. Some of them, once they have got onto the device, are able to click on the buttons that start the paid services. Others open malicious pages in the hope that the victim will somehow fall into the trap. And that's not all.

Some Trojans are so "smart" that they intercept and delete the operators' SMS messages confirming the subscription, before they arrive on the phone.

The bottom line is that phone credit is drained (while the bill goes up).

How to defend yourself

The first mistake to avoid like the plague is downloading applications from unknown sources. Using an alternative Android app market is dangerous: programs picked up at random on the net are not checked and, therefore, could contain a Trojan. Beware of bogus update banners: apps are updated only and always through official stores.

Don't surf on unsafe websites. And remember to check your phone credit periodically, so that you can intervene promptly in case of fraud.
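As an added example (not part of the original article), the two warning signs described above, an app that did not come from the official store and the ability to intercept operator SMS, can be checked together on a device inventory. The package names and the permission inventory below are constructed; the first sample follows the output format of `adb shell pm list packages -i`, and the script assumes permissions were collected separately per app.

```python
import re

# Installer package name of the official Google Play store.
OFFICIAL_INSTALLERS = {"com.android.vending"}
# Android permissions that let an app receive or read incoming SMS.
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

# Constructed sample, in the format printed by `adb shell pm list packages -i`.
SAMPLE_PACKAGES = """\
package:com.example.notes installer=com.android.vending
package:com.example.flashlight installer=null
package:com.example.player installer=com.example.altmarket
package:com.example.chat installer=com.android.vending
"""

# Constructed permission inventory for the hypothetical apps above.
SAMPLE_PERMISSIONS = {
    "com.example.notes": ["android.permission.INTERNET"],
    "com.example.flashlight": ["android.permission.INTERNET",
                               "android.permission.RECEIVE_SMS",
                               "android.permission.READ_SMS"],
    "com.example.player": ["android.permission.INTERNET"],
    "com.example.chat": ["android.permission.RECEIVE_SMS"],
}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<src>\S+)$")

def parse_installers(text):
    """Map package name -> installer (None when no installer is recorded)."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            src = m.group("src")
            result[m.group("pkg")] = None if src == "null" else src
    return result

def audit(packages_text, permissions):
    """Return (package, installer, sms_permissions) for apps that were not
    installed by an official store and can access incoming SMS."""
    findings = []
    for pkg, src in sorted(parse_installers(packages_text).items()):
        sms = sorted(SMS_PERMISSIONS & set(permissions.get(pkg, ())))
        if src not in OFFICIAL_INSTALLERS and sms:
            findings.append((pkg, src, sms))
    return findings

if __name__ == "__main__":
    for pkg, src, sms in audit(SAMPLE_PACKAGES, SAMPLE_PERMISSIONS):
        print(f"REVIEW {pkg}: installer={src}, SMS access={', '.join(sms)}")
```

Preinstalled system apps can also report no installer, so a finding is a prompt to review the app, not a verdict.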