Users in the Southeast Asia region are being targeted by a new malware threat called WAPDropper. Instead of trying to collect their banking credentials, credit card details, or simply lock their phones, WAPDropper executes a scheme that involves an almost obsolete mobile technical standard called Wireless Application Protocol (WAP), which is used for accessing information over a mobile wireless network. WAP became popular in the early 2000s briefly but was superseded by superior technological developments quickly.

However, even nowadays, WAP is supported by some mobile service providers, and the WAPDropper takes advantage of that fact to subscribe the compromised users for premium phone numbers, which charge huge fees for various services. As a result, users will be surprised with massive monthly fees unpleasantly until they remove the malware and either file a report with their mobile carrier or unsubscribe from the premium number.

The malware itself is being propagated through third-party application stores where it is injected in seemingly innocuous applications such as 'dolok,' 'af,' 'Email,' as well as the 'Awesome Polar Fishing' game application. To make the footprint of the threat smaller, only the dropper component of WAPDropper is packed inside the weaponized applications. Once it has infiltrated the user's device successfully, the dropper fetches and delivers the actual module responsible for carrying out the WAP scheme. The dropper component of WAPDropper is versatile enough that at any point, it can be configured to deliver far more threatening payloads on the compromised devices.

If possible, users should always elect to download applications from the official application stores and avoid using suspicious third-party platforms.


Most Viewed