Podec, also known as Fobus, was first seen in late 2014 during the rise of mobile malware. The Android malware posed as a legitimate ad-blocking application, but requested permissions to make phone calls, send SMS texts, and access system tools and services. Once these permissions are granted and the application is run, Podec obtains administrative privileges and its app icon disappears. At this point, the malware begins spying on the infected device, and the victim is unable to uninstall the app by standard means because of its elevated privileges.

When a user attempts to deactivate these permissions, the malware alerts the attacker, who can then lock the screen with the "Lock Now" function, preventing the victim from confirming the deactivation. The attackers can also push pop-ups threatening to execute a factory reset on the phone if the victim chooses to deactivate the application. Additionally, the application cannot be uninstalled in Safe Mode, and attempts to uninstall it using Android Debug Bridge (ADB) fail with an error.

In 2015, Podec became known as the first malware to convince a CAPTCHA image recognition system that it was human. It used this technique to subscribe infected Android devices to expensive services, with the goal of extorting money from the victims. More recently, Podec has been distributed through cracked versions of popular mobile game applications, which can be advertised via social media platforms.

- September 2015: Podec distributing through mobile applications. (Digital Guardian)
- March 2015: Podec is the first malware to trick CAPTCHA. (Kaspersky)
- Technical details are provided by Avast, available here.
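
A defender's triage check for the permission pattern described in the profile above, as an added example that is not part of the original profile or of any vendor's tooling: it scans a decoded AndroidManifest.xml for call and SMS permissions combined with a device administrator receiver. The mapping of the described behaviour to the standard Android identifiers CALL_PHONE, SEND_SMS and BIND_DEVICE_ADMIN is an assumption, and the sample manifest and its package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: the behaviours in the profile map to these standard Android permissions.
RISKY_PERMISSIONS = {
    "android.permission.CALL_PHONE": "can place phone calls",
    "android.permission.SEND_SMS": "can send SMS messages",
}
DEVICE_ADMIN_BIND = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed sample manifest (hypothetical package), shaped like a fake ad blocker.
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.adblock">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return (findings, suspicious) for a decoded AndroidManifest.xml string."""
    # Expects decoded XML; use a hardened parser (e.g. defusedxml) for untrusted files.
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = [f"{name}: {why}" for name, why in sorted(RISKY_PERMISSIONS.items())
                if name in requested]
    admin_receivers = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        bound = receiver.get(ANDROID_NS + "permission") == DEVICE_ADMIN_BIND
        if bound and DEVICE_ADMIN_ACTION in actions:
            admin_receivers.append(receiver.get(ANDROID_NS + "name"))
    findings.extend(f"device admin receiver: {name}" for name in admin_receivers)
    # Flag only the combination: device admin alone is normal for MDM agents,
    # and SMS/call permissions alone are normal for messaging and dialer apps.
    suspicious = bool(admin_receivers) and RISKY_PERMISSIONS.keys() <= requested
    return findings, suspicious

if __name__ == "__main__":
    findings, suspicious = triage_manifest(SAMPLE_SUSPICIOUS)
    print("SUSPICIOUS" if suspicious else "ok", findings)
```

A hit is a reason to inspect the app further, not a verdict: the check says nothing about what the app does at runtime.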