Bottom line: Fraudsters use manipulated Android apps with WebView automation and OTP interception to charge fraudulent premium subscriptions via carrier billing and cover their tracks.
Cybercriminals distribute manipulated Android apps that employ WebView automation, JavaScript injection, and OTP interception to sign victims up for fraudulent subscriptions undetected.
Security experts have uncovered a new fraud campaign using fake Android apps. These applications employ advanced obfuscation techniques and security bypass methods. The fraudsters deploy WebView automation to simulate app functionality, while JavaScript injection lets them insert scripts into web content. Particularly critical is the interception of one-time passwords (OTPs), which circumvents authentication. Using these methods, the criminals charge premium services via the carrier billing feature, directly to users' phone bills. Victims often discover the abuse only later, when unexpected charges appear on their bill. The applications are cleverly disguised as legitimate apps and circumvent security systems.
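For defenders triaging a suspicious APK, the combination of techniques described above can be checked statically. This is an added example, not code from the researchers or the campaign. It assumes the app has already been decoded (manifest as plain XML, code as text) and that OTPs are read via SMS or notification access, which the article does not specify. The function names and sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: OTPs are read via SMS or notification access (not stated in the article).
OTP_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}
# WebView/WebSettings calls that let app code drive and script a loaded page.
WEBVIEW_SCRIPTING = re.compile(
    r'setJavaScriptEnabled|evaluateJavascript|addJavascriptInterface|loadUrl\(\s*"javascript:'
)

def otp_access(manifest_xml):
    """Return OTP-capable permissions requested by the app or bound by its services."""
    found = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            found.add(el.get(ANDROID_NS + "name"))
        elif el.tag == "service":
            found.add(el.get(ANDROID_NS + "permission"))
    return sorted(found & OTP_PERMISSIONS)

def webview_scripting(code_text):
    """Return the distinct WebView scripting calls present in decompiled code."""
    return sorted(set(WEBVIEW_SCRIPTING.findall(code_text)))

def triage(manifest_xml, code_text):
    """Flag for manual review only when OTP access and WebView scripting co-occur."""
    otp, js = otp_access(manifest_xml), webview_scripting(code_text)
    return {"otp_access": otp, "webview_scripting": js, "review": bool(otp and js)}

# Constructed sample inputs (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application/>
</manifest>"""
SAMPLE_CODE = """
webView.getSettings().setJavaScriptEnabled(true);
webView.evaluateJavascript(script, null);
"""
BENIGN_MANIFEST = SAMPLE_MANIFEST.replace("RECEIVE_SMS", "ACCESS_NETWORK_STATE")

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_CODE))
    print(triage(BENIGN_MANIFEST, SAMPLE_CODE))
```

Legitimate apps can use both capabilities, so the `review` flag is a prompt for manual analysis, not a verdict.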