WAPDropper

The WAP networking protocol was very popular on mobile devices in the 2000s, but it has since been replaced by modern, high-speed networks like 3G, 4G, and 5G. However, many users might be unaware that modern mobile devices still have full support for the WAP network, and threat actors have started to target this specific service. WAPDropper is a newly identified Android malware strain that works by exploiting the Wireless Application Protocol (WAP) to sign up users for premium services and products without their knowledge.

The WAPDropper is not the first Android threat to target the WAP service in recent years – in 2017, cybersecurity experts reported the Xafecopy malware that also engaged in a WAP fraud. The WAPDropper appears to be distributed to potential victims via fake application packages hosted on third-party application stores. Often, the malware poses as an entertaining kids game, a premium version of a popular piece of software, or another useful tool. Once installed, the WAPDropper would hide its icons and entries from the 'Apps' menu, therefore making it difficult to identify and remove the malware manually.

As long as WAPDropper is running, the malware could use the WAP protocol to sign users up for all sorts of premium products and services, which will be billed by their mobile operator. The advantage of the so-called 'WAP fraud' is that the attacker can make purchases without registering or confirming anything. Victims of the WAPDropper malware will not notice anything strange until they see their monthly bill, which is likely to be much larger than usual.

Silent malware like the WAPDropper is very threatening because it would be too late to stop it when you see that there is something out of the ordinary. This is why Android users should keep their devices protected by up-to-date anti-malware applications.