These Trojans distributed like more useful apps such as Battery saver and Ram Optimizer, but it additionally does have malware capabilities.
WAP-billing is a mobile payment feature that charges directly to the user’s mobile bill so that they don’t require to register a credit card or establish a username and positive identification.
Generally these Trojan’s first turn off your WiFi connection and then turn on mobile Internet. They do this because WAP-billing works only through mobile Internet. Then they open a web page that redirects to the page with WAP-billing.
Trojan Clickers AndroidOS.Ubsod & Xafekopy
It is a simple Trojan which pretends like an advertising software, but it is capable of deleting all incoming message that has “ubscri” (part of “Subscription”).
He detected another Trojan as Trojan-Clicker.AndroidOS.Xafekopy which uses JS files similar to Ztorg’s to click on buttons of the web page. It was created by Chinese developers and targeting India(37%) and Russian(32%) users.
Files are distributed in two versions one with Indian links and another with Russian links. These applications once installed loads files from its origin folder which has all the major functionalities. By using this JS they can bypass captcha forms on web pages.
And the Trojan Trojan-Clicker.AndroidOS.Autosus.a is designed to steal money with WAP-billing by using clickjacking methods and also has the ability to hide incoming messages as per commands from C&C server.