SINGAPORE - Kaspersky Lab has said it has discovered the first malware that can outwit the Captcha image recognition system into thinking that it is a human, so that it can subscribe a person's infected smartphone to premium-rate services.
The Trojan-SMS.AndroidOS.Podec reportedly forwards Captcha requests to real-time online human translation service Antigate.com, which converts Captcha images to text.
Kaspersky also said that the trojan can bypass the "Advice on Charge" system that informs users about the price of a service and requires authorisation before payment.
So, the trojan is signing up users of infected phone to costly services without their knowledge, bypassing systems designed to verify the subscription.
According to Kaspersky, Podec targets Android devices.
The trojan is being spread primarily through Russia's popular social network VKontakte (vk.com) and some Russian websites. Most victims have been detected in Russia and surrounding countries to date, Kaspersky said. Infection generally occurs through links to supposedly cracked versions of popular computer games, such as Minecraft Pocket Edition.
It also said that the trojan is still being worked on and the code is being changed to add new capabilties.