Researchers have recently came across a multi-function dropper named WAPDropper that downloads and executes an additional payload and uses a machine learning solution to bypass image-based CAPTCHA challenges.

The obfuscation technique

WAPDropper uses many reflection techniques and heavily obfuscated strings to hide its malicious motives. 

  • The malware consists of two different modules – the dropper module and a premium dialer module.
  • The dropper module is responsible for downloading a second stage malware and has the potential to spread and initiate different attack vectors to steal victims’ data.
  • The WAP premium dialer module subscribes victims to premium services offered by legitimate sources such as telecommunication providers in Thailand and Malaysia to manipulate money transactions.

Ditching the CAPTCHA

Normally, to offer the subscription, it must undergo a CAPTCHA test. However, WAPDropper malware is capable of bypassing CAPTCHA by using the services of a Chinese company Super Eagle that offers an ML solution for image recognition.

Conclusion

Hackers have been using third-party Android stores to distribute WAPDropper malware. Avoiding these marketplaces can reduce the risk of compromise. Due to the fact that text distortion-based and image recognition CAPTCHAs are vulnerable to machine learning-based attacks, the need for alternatives security methods has grown immensely.