A newly discovered mobile malware can rack up quite the phone bill for its victims, cybersecurity pros from Avast have revealed.
The antivirus company recently spotted SMSFactory, a unique malware being distributed among its Brazilian customers, with mobile users in Russia, Ukraine, Turkey, and Argentina also apparently being targeted.
SMSFactory deals damage by having the Android smartphone place phone calls and send SMS messages to premium numbers. It’s being distributed through unofficial channels, meaning you won’t find SMSFactory on the Play Store, but you will find it on APKMods and PaidAPKFree, two mobile app repositories with dubious policies. Avast also says the attackers promote the app with malvertising, push notifications, various promotional pop-ups and websites, videos, and such.
Accessing the contacts list
Among the various permissions the app asks for, researchers found, is access to the contact list, so it’s highly likely it uses the list to further expand its reach. Other requested permissions include location data, the permission to make phone calls, send and read SMS messages, wake lock and vibrate, handle overlay, use the entire screen, track notifications, and start various activities from the background.
If these permissions weren’t enough of a red flag, the Android device will also trigger a warning at installation, telling the potential victim that the app is risky. However, many seem to have turned a blind eye to the warnings, as the app has “tens of thousands” of installations, Avast said.
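A triage check built on the permission set listed above, as an added example that is not from Avast or the original article: it reads a decoded AndroidManifest.xml and flags apps that pair a billing-capable permission with several of the others. The mapping from the article's wording to Android permission constants, the threshold of three, and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping from the article's wording to Android permission constants.
BILLING = {P + "SEND_SMS", P + "CALL_PHONE"}  # these can run up charges
SUPPORTING = {
    "contacts": {P + "READ_CONTACTS"},
    "read_sms": {P + "READ_SMS"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "full_screen": {P + "USE_FULL_SCREEN_INTENT"},
}
# Also on the article's list, but common in benign apps: reported, not scored.
NOISY = {P + "WAKE_LOCK", P + "VIBRATE"}

def requested_permissions(manifest_xml):
    """Return permission names declared in a decoded AndroidManifest.xml."""
    # Stdlib parser keeps the demo self-contained; prefer defusedxml for untrusted APKs.
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID + "name")
            if name:
                found.add(name.strip())
    return found

def triage(manifest_xml, min_supporting=3):
    """Flag a billing permission combined with enough supporting ones."""
    perms = requested_permissions(manifest_xml)
    billing = sorted(perms & BILLING)
    supporting = sorted(k for k, v in SUPPORTING.items() if perms & v)
    flagged = bool(billing) and len(supporting) >= min_supporting
    return {"billing": billing, "supporting": supporting,
            "noisy": sorted(perms & NOISY), "flagged": flagged}

def make_manifest(*names):
    """Build a constructed sample manifest (not taken from any real APK)."""
    rows = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/'
            f'android" package="com.example.sample">{rows}</manifest>')

SUSPECT = make_manifest("SEND_SMS", "CALL_PHONE", "READ_SMS", "READ_CONTACTS",
                        "ACCESS_FINE_LOCATION", "SYSTEM_ALERT_WINDOW", "WAKE_LOCK")
BENIGN = make_manifest("VIBRATE", "WAKE_LOCK", "ACCESS_COARSE_LOCATION")

if __name__ == "__main__":
    print(triage(SUSPECT), triage(BENIGN), sep="\n")
```

A legitimate dialer or messaging app can match the same profile, so a hit is a reason to look more closely at a sideloaded app, not a verdict.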
Once installed, the app will display a message that it doesn’t work or that the service is unavailable. Given that it hides its name and icon, many users struggle to delete it, or apparently forget they have anything installed.
Still, the app continues working in the background, maintaining its connection to the C2 server and sending an ID profile of the infected endpoint.
Via: BleepingComputer