We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,108 News Articles

Android users targeted by premium-rate SMS malware

Design of Russian attacks sends warning

In a clear warning to mobile users in developed markets, Russian cybercriminals have started distributing a wave of premium rate malware from rogue marketplaces, including one example disguised as an Android Flash Player.

Reported by Trend Micro, the first attack is a straightforward piece of social engineering, attempting to trick mobile browser users into downloading a bogus Flash app.

Falling for the ruse causes the download of a malicious .APK (Android package) file which installs Androids_Boxer.A which sends premium rate SMS messages varying according to the geographical location of the infected smartphone.

A second attack of a similar ilk detected by Avast reels in mobile users looking for screen savers and free games, giving them a variant of the Android:FakeInst malware that also sets the victim up for premium SMS fraud.

Both malware attacks are currently being posted on Russian-language websites which lowers the chances of anyone outside that region encountering them but the intention is clear. Whether using shady app sites beyond the relative safety of the Android Marketplace or via websites, the malware peddlers are developing more sophisticated ways to attack mobile users.

When the threat moves beyond Russia in earnest, the social engineering design of using bogus apps to spread malware is likely to be the attack method - Angry Birds and Instagram have already been 'adopted' in recent weeks to carry out this type of attack.

Typically, the domains used to host the malware were temporary, a tactic borrowed from the desktop malware world.

"Analysing the trail the malware creators left for us, we've discovered a few sites they [the malware writers] have used in order to attract users and all of them target Russian speaking people and look like an alternative markets. In reality, these sites exist for a short period of time and offers only fake downloaders," said Avast's blog.

"And this scam costs you money. If somebody clicks on the OK or Agree button, they have probably already been defrauded by the creators," said Avast's blog.

The slow convergence of desktop malware techniques with mobile (read Android) threats continues, including the first example of a website drive-by Android attack detected last week.


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...