“Kaspersky lab” together uncovered a scheme in which the scammers could sign MTS subscribers to pay content services without their knowledge. At risk were the owners of Android smartphones, using a standard browser, which is used in operating systems that are not updated to Android 5.0, according to the materials of “Kaspersky Lab”.
To implement the fraudulent scheme cybercriminals have exploited the vulnerability of two years ago in the AOSP browser that could allow malicious code from the website of the criminals executed on the legitimate web page of the cellular operator. In other words, malicious code that is “pushed” outside on the paid subscriptions page, the “Yes” button, and the user remained in the dark. While in Chrome, such a scenario is impossible.
The operator using “Kaspersky Lab has taken measures to combat fraud. As soon as the attackers realized that their activity was noticed, they removed the malicious code from the web page.
“While cybercriminals have tried this Scam for relatively expensive for your user scenarios. However, nothing prevents them to move on. A similar fraud scheme can be implemented in other cases, such as when making purchases using mobile versions of sites or online banking in the browser, not the app.
When you consider that manufacturers are budget versions of smartphones are not always timely release updates for staff and users have been slow to install these updates, we can assume that the group of potential risk in the world is close to 500 million devices on which the default AOSP browser,” said Denis Gorchakov, senior analyst, “Kaspersky Lab”.
In order to avoid becoming a victim of this Scam, users are recommended to upgrade the firmware of the smartphone, provided that the manufacturer has released an official update.
