Feeds

Android Trojan taints US mobes, spews 500,000 texts A DAY

If you could just tear yourself from Angry Birds and check your bill...

Secure remote control for conventional and virtual desktops

A Trojan that infects Android devices is behind an increase in text message spam in the US.

SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission. The mobile irritant is primarily spreading through texts that offer free versions of popular paid-for games such as Need for Speed: Most Wanted and Angry Birds Space.

Marks are encouraged to click on a web link in a message that supposedly leads to a game installer. In reality users who open the "installer app" only succeed in infecting their handset with the SpamSoldier Trojan.

Once in place, SpamSoldier gets to work sending more booby-trapped messages, spreading itself further in the process. In some cases a free version of a mobile game may even be installed to distract the user and cover up the fact the smartphone has become a spam-spewing bot.

The software nasty is spreading in the US, according to mobile anti-spam specialist Cloudmark.

"Once infected, a user's phone will be used to silently send out thousands of spam SMS messages without permission to lists of victim phone numbers that the malware automatically downloads from a command-and-control server," according to Cloudmark researcher Andrew Conway. "We've seen a peak rate so far of over half a million SMS messages per day."

"This sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for messages that are sent if he can use a botnet to control devices and cover his costs," it added.

The Trojan is distributed from, largely, .mobi sites on a server in Hong Kong. The scammer behind the app first latched onto the idea in late October, brazenly punting the Trojan as an anti-SMS spam utility before switching to mobile gaming last month, a ploy that's proved much more successful. Over the last three weeks or so the unidentified crook behind the scam has started earning cash from his mobile botnet.

"On 28 November the spammer decided to start monetizing," Conway explained in a blog post on the SpamSoldier threat. "The free game messages continued, but there were also free gift card scam messages mixed in."

The bogus gift card messages state:

You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!

"Of course, there are not really any free gift cards, this is just a trick to collect your personal information for affiliate programmes and sometimes identity theft," Conway warned.

Cloudmark described the threat as the "first functioning Android botnet sending SMS spam" although it notes that several PC botnets capable of sending spam via email to text message gateways have occasionally cropped up in the past. Mobile malware that sends SMS messages to premium numbers from compromised smartphones is far more commonplace.

An advisory by phone security firm Lookout confirmed that SpamSoldier is targeting US mobile users; the list of targeted numbers downloaded from the botnet typically contains 100 US numbers at a time. It added that the distribution of the malware remains "relatively limited".

"Even at these limited distribution levels, SpamSoldier still has the potential to make a big impact at a network level: a single prolonged infection could result in thousands of SMS spam messages," writes Lookout researcher Derek Halliday.

"Overall detections remain low but we’ve observed instances on all major US carriers. The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network."

Halliday added: "The sole infection vector appears to be spam SMS messages; we have not yet detected SpamSoldier on any major app stores." ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.