We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,639 News Articles

Android users targeted by premium-rate SMS malware

Design of Russian attacks sends warning

In a clear warning to mobile users in developed markets, Russian cybercriminals have started distributing a wave of premium rate malware from rogue marketplaces, including one example disguised as an Android Flash Player.

Reported by Trend Micro, the first attack is a straightforward piece of social engineering, attempting to trick mobile browser users into downloading a bogus Flash app.

Falling for the ruse causes the download of a malicious .APK (Android package) file which installs Androids_Boxer.A which sends premium rate SMS messages varying according to the geographical location of the infected smartphone.

A second attack of a similar ilk detected by Avast reels in mobile users looking for screen savers and free games, giving them a variant of the Android:FakeInst malware that also sets the victim up for premium SMS fraud.

Both malware attacks are currently being posted on Russian-language websites which lowers the chances of anyone outside that region encountering them but the intention is clear. Whether using shady app sites beyond the relative safety of the Android Marketplace or via websites, the malware peddlers are developing more sophisticated ways to attack mobile users.

When the threat moves beyond Russia in earnest, the social engineering design of using bogus apps to spread malware is likely to be the attack method - Angry Birds and Instagram have already been 'adopted' in recent weeks to carry out this type of attack.

Typically, the domains used to host the malware were temporary, a tactic borrowed from the desktop malware world.

"Analysing the trail the malware creators left for us, we've discovered a few sites they [the malware writers] have used in order to attract users and all of them target Russian speaking people and look like an alternative markets. In reality, these sites exist for a short period of time and offers only fake downloaders," said Avast's blog.

"And this scam costs you money. If somebody clicks on the OK or Agree button, they have probably already been defrauded by the creators," said Avast's blog.

The slow convergence of desktop malware techniques with mobile (read Android) threats continues, including the first example of a website drive-by Android attack detected last week.


IDG UK Sites

Nokia replaces budget Lumia 520 with 530: Release date, price and specs

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer