Malware cons users into paying for free product

Loredana BOTEZATU

December 15, 2011

As computer users, we live in a Flash-centric universe: YouTube videos, online mini-games, and interactive ads are only some of the content that needs the tiny Flash plugin. And, just like any intensively used application, Flash is frequently updated. But sometimes, these updates are not what you'd expect.

This specific “Flash Player installer” shows nothing suspicious on the surface: it has the familiar colors and branding elements. Even the End-User License Agreement checkboxes are in the right place. What looks out of place, however, is an alleged registration mechanism that asks you to provide information about your country of origin and cell service provider. If you're from Russia, though, you'll only have to provide your cell number.

The wizard requires users – during the installation process – to send a code to a premium-rate telephone number in return for an activation key, an approach that is also the most popular form of con targeting smartphones these days.

So while most people around the world are conned into paying extra charges for a free piece of software, Russian victims only face the danger of having their phone numbers logged in a database for further campaigns that probably use vishing (voice phishing) to inflict more financial damage.

Now, you might wonder who could fail to see the scam behind the phone validation charade. Well, if you have used other products, from Adobe or from other vendors, you probably know that some have an option to activate the application by phone, in case your PC is not connected to the Internet. This time, experience works against your best interest, as it makes you less suspicious of this type of “authentication”.

 

Legit phone activation screen

An old proverb reads: “Timeo Danaos et dona ferentes” – fear Greeks, even if they bear gifts. The same rule applies to Russian software – if it wants to dial a number, shut it off. In the case of premium-rate SMS senders, the malicious code takes the guise of a legitimate application or a pirated version of a popular legitimate one to trick users into downloading and installing it on their systems.

And now the story in images:

 

Step 1 – Fake Adobe Flash Player window

Step 2 – Installing Fake Adobe Flash Player

Step 3 – Selecting the country of origin

Step 4 – Selecting the country and the telephone provider

Step 5 – Russian users only need to enter their phone number

 

This article is based on the technical information provided courtesy of Doina Cosovan, Bitdefender VirusAnalyst.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
