Android Carrier Billing Fraud Campaign Exposed by zLabs

zLabs identified a large-scale Android carrier billing fraud campaign distributing roughly 250 fake apps across Malaysia, Thailand, Romania, and Croatia; three variants automate premium subscriptions by abusing SIM and SMS APIs, steal browser cookies to maintain billing access, and exfiltrate device metadata via Telegram, while active infrastructure (for example, modobomz.com) continues to support the operation—users should check billing statements and avoid third-party app sources.