This trojan sends SMS to service provider to quietly register the user for a service, which brings about unsolicited charges on the user's account.
Upon installation, the trojan requests the following permissions:
- restart packages
- write to external storage
- read contacts
- receive SMS
- read SMS
- write SMS
- send SMS
- read the phone state
- access the network state
- access to internet
Trojan:Android/AutoSPSubscribe.A monitors incoming messages and intercepts those that originate from the service provider and carry order information containing details and charges for a value-added service. It then automatically replies to the provider with the value "Y", which indicates user confirmation to subscribe to the service.
NOTE: By policy, service providers must receive confirmation from the user before being able to proceed with the billing.
The message that notifies user about the service and its charge
Further messages from the provider to user to notify about the subscription confirmation will be automatically deleted by the trojan, which leaves the user unaware of the charges placed on the user account.
This trojan was discovered by researchers at the North Carolina State University. For additional information, see: