{
	"id": "437683aa-8377-4cfd-93f1-bd4fcdf3f34d",
	"created_at": "2026-04-06T00:18:04.906284Z",
	"updated_at": "2026-04-10T03:21:26.964136Z",
	"deleted_at": null,
	"sha1_hash": "968284a000fbf389b33f90ee4a3615bd585306ae",
	"title": "APP-16 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48556,
	"plain_text": "APP-16 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 22:46:02 UTC\r\nMobile Threat Catalogue\r\nPremium SMS Fraud\r\nThreat Category: Malicious or privacy-invasive application\r\nID: APP-16\r\nThreat Description: SMS messages were initially charged to a cellular subscriber’s account on a per-message\r\nbasis. However, some services use SMS messaging as a subscription or one-time payment method. The charge\r\nassociated with the SMS message is placed on the cellular subscriber’s account and collected along with standard\r\ncellular service fees. This model enables malicious app developers to potentially collude with premium SMS\r\nservice providers to commit fraud against users. The subscriber is held responsible for the fraudulent charges by\r\nthe cellular carrier. Early forms of this attack exploited the weak OS permission models that allowed apps to send\r\npremium SMS messages without user interaction, which prompted improvement by affected OS developers.\r\nContemporary variants must instead exploit vulnerabilities in the mobile OS to send messages without user\r\nknowledge and consent.\r\nThreat Origin\r\nDissecting Android Malware: Characterization and Evolution 1\r\nExploit Examples\r\nzSone, RogueSPPush, GGTracker malware described in Dissecting Android Malware: Characterization and\r\nEvolution 1\r\nMkero: Android malware secretly subscribes victims to premium SMS services 2\r\nChinese Android botnet ‘netting millions’ 3\r\nAndroid Security 2015 Year In Review 4\r\nCVE Examples\r\nNot Applicable\r\nPossible Countermeasures\r\nEnterprise\r\nEnsure Android devices are running a recent version of Android, as starting in Android 4.2, user confirmation is\r\nneeded before apps can send premium SMSs (source:\r\nhttps://source.android.com/security/enhancements/enhancements42.html).\r\nPerform application vetting to identify SMS 
fraud by apps, including permission requests made by the apps.\r\nUse application threat intelligence data about potential SMS fraud risks associated with apps installed on devices.\r\nMobile Device User\r\nEnsure Android devices are running a recent version of Android, as starting in Android 4.2, user confirmation is\r\nneeded before apps can send premium SMSs (source:\r\nhttps://source.android.com/security/enhancements/enhancements42.html).\r\nUse the Android Verify Apps feature to detect apps that attempt to abuse SMS functionality.\r\nReferences\r\n1. Y. Zhou and X. Jiang, “Dissecting Android Malware: Characterization and Evolution”, in Proceedings of\r\nthe 2012 IEEE Symposium on Security and Privacy, 2012, pp. 95-109;\r\nhttp://ieeexplore.ieee.org/document/6234407/?arnumber=6234407 [accessed 8/25/2016]\r\n2. C. Page, “MKero: Android malware secretly subscribes victims to premium SMS services”, The Inquirer, 9\r\nSept. 2015; www.theinquirer.net/inquirer/news/2425201/mkero-android-malware-secretly-subscribes-victims-to-premium-sms-services [accessed 8/25/2016]\r\n3. T. Espiner, “Chinese Android botnet ‘netting millions’, says Symantec”, ZDNet, 10 Feb. 2012;\r\nwww.zdnet.com/article/chinese-android-botnet-netting-millions-says-symantec/ [accessed 8/25/2016]\r\n4. Android Security 2015 Year In Review, Google, 2016;\r\nhttps://source.android.com/security/reports/Google_Android_Security_2015_Report_Final.pdf [accessed\r\n8/25/2016]\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-16.html"
	],
	"report_names": [
		"APP-16.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434684,
	"ts_updated_at": 1775791286,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/968284a000fbf389b33f90ee4a3615bd585306ae.pdf",
		"text": "https://archive.orkl.eu/968284a000fbf389b33f90ee4a3615bd585306ae.txt",
		"img": "https://archive.orkl.eu/968284a000fbf389b33f90ee4a3615bd585306ae.jpg"
	}
}