In Homer’s Odyssey, the Trojan horse hid soldiers that when brought through the gates and into the city of Troy led to the fall of Troy. Trojan subscribers are malware hidden within legitimate apps that while they won’t lead to the downfall of a city can cost the victims of a Trojan subscriber a lot of money.
Trojan subscribers are malicious code that cybercriminals add to legitimate apps and then upload them to app stores under a different name. The apps can be for a variety of purposes, such as monitoring blood pressure or scanning documents. When someone downloads one of these infected apps, he or she doesn’t realize that the Trojan subscriber will automatically subscribe to a paid service without the person who downloaded the app being aware of it.
Generally, the cybercriminals who create and use Trojan subscribers get paid a commission on each new subscription to a paid service.
There have been a number of different Trojan subscribers found during the past year including the Jocker Trojan subscriber, the MobOk Trojan subscriber, the Vesub Trpjan subscriber and the GriftHorse.ae Trojan subscribers. While they all work slightly differently they all manage to effectively sign up their victims to unwanted and costly subscription services.
Google Play and other app stores try to identify apps with Trojan subscribers, but as soon as they take one down, another pops up. In other instances, Trojan subscribers are found in apps that are not allowed on the regular official app stores.
TIPS
So what can you do to protect yourself from Trojan subscribers?
First and foremost, don’t install apps from unofficial sources. The risk is far too great that you will be downloading malware. However, even if you stick to legitimate sources for your apps such as Google Play, you must recognize that getting your app from a legitimate source does not guarantee that the app is malware-free.
Always check out the reviews and ratings of particular apps before you download them. Also, the longer an app has appeared on a legitimate source such as Google Play, the better the chance that it has been properly vetted and does not contain any malware. Therefore be a bit wary of apps that have only recently appeared on a legitimate app store.
Another good policy to follow when you download apps is to give the apps only the minimal access to your device that is needed to perform properly.
Finally, make sure that you have installed strong security software on your cellphone and keep it updated with the latest security updates and patches as they become available to protect you from not only Trojan subscribers, but also other threats as well.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”