A recent report highlights a fraudulent campaign targeting Android users in Malaysia, Thailand, Romania, and Croatia through nearly 250 malicious apps. These apps, disguised as popular applications, use techniques such as WebView automation, JavaScript injection, and OTP interception to stealthily enroll users in premium, carrier-billed services. The campaign originated in March 2025 and continues to operate at significant levels.
Three malware variants demonstrate varying sophistication, especially in automating subscription processes and intercepting one-time passwords. This issue underscores systemic failures in mobile security and app vetting processes, emphasizing the importance of enforcing installation from official app stores to safeguard users.