Cloudmark researchers are warning of new Android malware that exhibits “simple mobile botnet behavior, leveraging infected handsets to spread spam and invitations for other users to download the infected apps.”
“Thinking they get deals on certain apps, users click on links provided in [the] messages, at which point the malicious [app] installs itself on the smartphone, deletes [its] tracks and starts, well, doing its job: sending SMS messages,” writes Android Authority’s Chris Smith. “Once installed, the app spams 100 U.S. phone numbers at a time. When it’s done with each batch it reloads with another fresh set. Meanwhile users don’t know what’s happening as the app deletes outgoing messages and intercepts any SMS replies to the messages it sends.”
“By last week, the malware was being used to send more than 500,000 texts per day,” writes InformationWeek’s Mathew J. Schwartz. “Perhaps appropriately, links to the malware are … being distributed via spam SMS messages that offer downloads of popular Android games — such as Angry Birds Star Wars, Need for Speed: Most Wanted, and Grand Theft Auto: Vice City — for free.”
“Cloudmark described the threat as the ‘first functioning Android botnet sending SMS spam’ although it notes that several PC botnets capable of sending spam via email to text message gateways have occasionally cropped up in the past,” writes The Register’s John Leyden. “Mobile malware that sends SMS messages to premium numbers from compromised smartphones is far more commonplace.”
“Lookout Mobile Security has dubbed this family of malware SpamSoldier and noted that the malicious app takes steps to hide its stealthy activities,” writes PCMag.com’s Fahmida Y. Rashid. “The icon is removed from launcher so the user doesn’t know the app is running, outgoing spam texts are not logged, and incoming SMS replies are intercepted so that the user ‘remains blissfully unaware,’ said Lookout’s senior product manager Derek Halliday.”
“As always, users are advised never to download apps from third-party sites to which they were sent by links in unsolicited text messages and emails,” notes Help Net Security’s Zeljka Zorz.