​Kaspersky reveals CAPTCHA-tricking Podec Trojan

Kaspersky has unearthed an Android-targeted Trojan, dubbed Podec, that can trick the CAPTCHA image verification system into thinking it is human.
Written by Leon Spencer, Contributor

Kaspersky Labs has revealed details of what it claims is the first malware to successfully outwit the CAPTCHA online image-based verification system.

The Russian internet security software company said on March 10 that the malware, Trojan-SMS.Android.Podec, was first detected by its security analysts in late 2014, but has since been updated.

The Podec malware automatically forwards CAPTCHA requests to a real-time online human translation service, Antigate.com, which converts the image to text, and relays that data back to the malware code within seconds, convincing the verification system that it is a person.

The purpose of the Trojan is to extort money from victims by subscribing thousands of infected Android users to premium-rate services, said the security software company.

According to Kaspersky, Podec targets Android device users, primarily through the popular Russian VKontakte social network, but other sources have also been discovered, including domains with the names of Apk-downlad3.ru and minergamevip.com.

Infection generally occurs through links to supposedly cracked versions of popular games such as Minecraft Pocket Edition, which appear on group pages and entice potential victims with their zero cost and small file size.

Once a device is infected, Podec requests administration privileges that, if granted, prevent the disablement of its execution or its deletion.

Additionally, the Trojan employs obfuscation and an "expensive legitimate code protector" to prevent any analysis of its code, the company said.

"Podec marks a new and dangerous phase in the evolution of mobile malware. It is devious and sophisticated," said Kaspersky Lab's non-Intel research group manager Victor Chebyshev. "The social engineering tools used in its distribution, the commercial-grade protector used to conceal the malicious code, and the complicated process of extortion achieved by passing the CAPTCHA test -- all lead us to suspect that this Trojan is being developed by a team of Android developers specialising in fraud and illegal monetisation.

"It is clear that Podec is being further developed, possibly with new targets and goals in mind, and we urge users to be wary of links and offers that sound too good to be true," he said.

Kaspersky recommends that Android users only install applications sourced from official stores such as Google Play, and avoid downloading cracked apps advertised as being free of charge.

Editorial standards