跳到主体内容

Kaspersky Lab discovers Podec: the first Trojan to trick CAPTCHA into thinking its human

2015年3月10日

The first malware to successfully outwit the CAPTCHA image recognition system has been detected by Kaspersky Lab’s security analysts.

The first malware to successfully outwit the CAPTCHA image recognition system has been detected by Kaspersky Lab’s security analysts. The Trojan-SMS.AndroidOS.Podec has developed a technique to convince CAPTCHA it is a person in order to subscribe thousands of infected Android users to premium-rate services. First detected in late 2014 and updated since then, Podec automatically forwards CAPTCHA requests to a real-time online human translation service that converts the image to text. It can also bypass the Advice on Charge system, which notifies users about the price of a service and requires authorization before payment. The Trojan’s goal is to extort money from victims via premium-rate services.

According to data collected with the help of the Kaspersky Security Network, Podec targets Android device users primarily through Russia’s popular social network, VKontakte (VK, vk.com). Other sources discovered by Kaspersky Lab include domains with the names of Apk-downlad3.ru and minergamevip.com. Most victims to date have been detected in Russia and surrounding countries.

Infection generally occurs through links to supposedly cracked versions of popular computer games, such as Minecraft Pocket Edition. These links appear on group pages and victims are drawn in by the lack of cost and what appears to be a far lower file size for the game when compared to the legitimate version. Upon infection, the Podec malware requests administrator privileges that, once granted, make it impossible to delete or halt the execution of the malware.

Podec is a very sophisticated Trojan and there is evidence that significant time and investment has gone into its development.

Its solution for successfully passing CAPTCHA is particularly inventive. CAPTCHA image recognition requests are increasingly added to online forms to ensure the request is submitted by a person and not automated software. Podec passes CAPTCHA by redirecting the CAPTCHA processor to an online image-to-text recognition service, Antigate.com. Within seconds the text from the CAPTCHA image is recognized by a person and the details are relayed back to the malware code, which can then proceed with execution.

Further, the Trojan employs highly sophisticated techniques to prevent any analysis of its code. As well as introducing garbage classes and obfuscation into the code, the cybercriminals use an expensive legitimate code protector which makes it difficult to gain access to the source code of the Android application.

Kaspersky Lab believes that the development of the Trojan is ongoing; that the code is being refactored, new capabilities are being added, and module architectures are being reworked.

“Podec marks a new and dangerous phase in the evolution of mobile malware. It is devious and sophisticated. The social engineering tools used in its distribution, the commercial-grade protector used to conceal the malicious code and the complicated process of extortion achieved by passing the CAPTCHA test - all lead us to suspect that this Trojan is being developed by a team of Android developers specializing in fraud and illegal monetization. It is clear that Podec is being further developed, possibly with new targets and goals in mind and we urge users to be wary of links and offers that sound to good to be true,” said Victor Chebyshev, Non-Intel Research Group Manager at Kaspersky Lab.

Users of Kaspersky Lab’s products are already secured against all known versions of Trojan-SMS.AndroidOS.Podec. Kaspersky Lab also recommends that users only install applications sourced from official stores such as Google Play and avoid downloading cracked apps advertised as free of charge.

For more details, please go to Securelist.com

Kaspersky Lab discovers Podec: the first Trojan to trick CAPTCHA into thinking its human

The first malware to successfully outwit the CAPTCHA image recognition system has been detected by Kaspersky Lab’s security analysts.
Kaspersky logo

关于卡巴斯基

卡巴斯基是一家成立于1997年的全球网络安全和数字隐私公司。卡巴斯基不断将深度威胁情报和安全技术转化成创新的安全解决方案和服务,为全球的企业、关键基础设施、政府和消费者提供安全保护。公司提供全面的安全产品组合,包括领先的端点保护解决方案以及多种针对性的安全解决方案和服务,以及用于应对复杂和不断变化的数字威胁的网络免疫解决方案。全球有超过4亿用户使用卡巴斯基技术保护自己,我们还帮助全球200,000家企业客户保护最重要的东西。要了解更多详情,请访问www.kaspersky.com.cn.

相关文章 企业新闻