Android.Subscription in virus library:

Trojan applications for Android that subscribe users to paid mobile services. They are distributed as different legitimate software, like photo and video editors, multimedia apps, various system tools, launchers, navigation apps, and so on. Many of these apps are phony and lack any functionality. Others have minimal capabilities or can work completely different from what users would expect. Some of them can hide inside copies of initially harmless apps that malicious actors have modified.

When launched, trojans from the Android.Subscription family use a WebView system component. They will load affiliate services websites that activate paid subscriptions using Wap Click technology. These pages may contain specialized buttons with various content, banners, and other interactive elements. They may also have fields and forms to provide a mobile phone number. When the user taps these elements or provides a phone number, an attempt is made to automatically activate a paid service.

Below is an example of an affiliate service web page loaded by Android.Subscription trojans. This page is asking a potential victim for their mobile phone number.