Kaspersky has just reported details about what it believes is the first malware to successfully outwit the CAPTCHA image recognition system. Podec uses a technique to trick the CAPTCHA it is a person in a bid to infect thousands of Android users and subscribe them to premium-rate services.
According to SC Magazine:
Infection generally occurs through links to supposedly cracked versions of popular computer games, such as Minecraft Pocket Edition. Links appear on group pages and lure victims with free apps and a small file size. Once infected, Podec requests administrator privileges that, when granted, make it impossible to delete or halt the execution of the malware.
Links can only lead to malicious webpages if the app hasn’t integrated a security solution that addresses this type of phishing attack. You know what they need right? That’s it, the MetaCert Security API. By integrating the Security API links would have been scanned in real time to ensure they aren’t classified as malicious.