Android Trojan taints US mobes, spews 500,000 texts A DAY

If you could just tear yourself from Angry Birds and check your bill...

A Trojan that infects Android devices is behind an increase in text message spam in the US.

SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission. The mobile irritant is primarily spreading through texts that offer free versions of popular paid-for games such as Need for Speed: Most Wanted and Angry Birds Space.

Marks are encouraged to click on a web link in a message that supposedly leads to a game installer. In reality, users who open the "installer app" only succeed in infecting their handset with the SpamSoldier Trojan.

Once in place, SpamSoldier gets to work sending more booby-trapped messages, spreading itself further in the process. In some cases a free version of a mobile game may even be installed to distract the user and cover up the fact the smartphone has become a spam-spewing bot.

The software nasty is spreading in the US, according to mobile anti-spam specialist Cloudmark.

"Once infected, a user's phone will be used to silently send out thousands of spam SMS messages without permission to lists of victim phone numbers that the malware automatically downloads from a command-and-control server," according to Cloudmark researcher Andrew Conway. "We've seen a peak rate so far of over half a million SMS messages per day."

"This sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for messages that are sent if he can use a botnet to control devices and cover his costs," it added.

The Trojan is distributed largely from .mobi sites on a server in Hong Kong. The scammer behind the app first latched onto the idea in late October, brazenly punting the Trojan as an anti-SMS spam utility before switching to mobile gaming last month, a ploy that's proved much more successful. Over the last three weeks or so the unidentified crook behind the scam has started earning cash from his mobile botnet.

"On 28 November the spammer decided to start monetizing," Conway explained in a blog post on the SpamSoldier threat. "The free game messages continued, but there were also free gift card scam messages mixed in."

The bogus gift card messages state:

You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!

"Of course, there are not really any free gift cards, this is just a trick to collect your personal information for affiliate programmes and sometimes identity theft," Conway warned.

Cloudmark described the threat as the "first functioning Android botnet sending SMS spam" although it notes that several PC botnets capable of sending spam via email to text message gateways have occasionally cropped up in the past. Mobile malware that sends SMS messages to premium numbers from compromised smartphones is far more commonplace.

An advisory by phone security firm Lookout confirmed that SpamSoldier is targeting US mobile users; the list of targeted numbers downloaded from the botnet typically contains 100 US numbers at a time. It added that the distribution of the malware remains "relatively limited".

"Even at these limited distribution levels, SpamSoldier still has the potential to make a big impact at a network level: a single prolonged infection could result in thousands of SMS spam messages," writes Lookout researcher Derek Halliday.

"Overall detections remain low but we’ve observed instances on all major US carriers. The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network."

Halliday added: "The sole infection vector appears to be spam SMS messages; we have not yet detected SpamSoldier on any major app stores." ®
