Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Kaspersky Lab discovers Podec: the first Trojan to trick CAPTCHA into thinking its human

Zafirah Salim | March 20, 2015
Podec automatically forwards CAPTCHA requests to a real-time online human translation service that converts the image to text.

Security analysts at Kaspersky Lab announced yesterday that they have discovered the first malware that has outwitted the CAPTCHA image recognition system.

CAPTCHA image recognition requests have been increasingly added to online forms to ensure the request is submitted by a person and not automated software. However, this malware - named Podec - has the ability to trick CAPTCHA into thinking it is human.

Podec passes CAPTCHA by redirecting the CAPTCHA processor to an online image-to-text recognition service,  Within seconds, the text from the CAPTCHA image is recognised by a person and the details are relayed back to the malware code, which can then proceed with execution.

It can also bypass the Advice on Charge system, which notifies users about the price of a service and requires authorisation before payment.

In addition, the Trojan employs highly sophisticated techniques to prevent any analysis of its code. Besides introducing garbage classes and obfuscation into the code, the cybercriminals also use an expensive legitimate code protector which makes it difficult to gain access to the source code of the Android application.

According to Kaspersky, the Trojan's goal is to extort money from victims via premium-rate services. Podec specifically targets Android device users, primarily through Russia's popular social network, VKontakte. Besides this, other domains with the names of and are also found to be key infection sources.

Infection generally occurs through links to supposedly cracked versions of popular computer games, such as Minecraft Pocket Edition. These links appear on group pages and victims are drawn in by the lack of cost and what appears to be a far lower file size for the game when compared to the legitimate version. Upon infection, the Podec malware requests administrator privileges that, once granted, make it impossible to delete or halt the execution of the malware.

Most victims to date have been detected in Russia and surrounding countries.

First detected in late 2014, this malware has evolved a lot since then. Kaspersky Lab believes that the development of the Trojan is ongoing - the code is being refactored, new capabilities are being added, and module architectures are being reworked.

"Podec marks a new and dangerous phase in the evolution of mobile malware.  It is devious and sophisticated. The social engineering tools used in its distribution, the commercial-grade protector used to conceal the malicious code and the complicated process of extortion achieved by passing the CAPTCHA test - all lead us to suspect that this Trojan is being developed by a team of Android developers specializing in fraud and illegal monetisation," said Victor Chebyshev, Non-Intel Research Group Manager at Kaspersky Lab.

Chebyshev also advised users to be wary of links and offers that sound too good to be true. He added that users should only install applications sourced from official stores such as Google Play, as well as avoid downloading free cracked apps.


Sign up for CIO Asia eNewsletters.