Feeds

Android Trojan taints US mobes, spews 500,000 texts A DAY

If you could just tear yourself from Angry Birds and check your bill...

Providing a secure and efficient Helpdesk

A Trojan that infects Android devices is behind an increase in text message spam in the US.

SpamSoldier infects smartphones and spews out thousands of SMS messages without the user's permission. The mobile irritant is primarily spreading through texts that offer free versions of popular paid-for games such as Need for Speed: Most Wanted and Angry Birds Space.

Marks are encouraged to click on a web link in a message that supposedly leads to a game installer. In reality users who open the "installer app" only succeed in infecting their handset with the SpamSoldier Trojan.

Once in place, SpamSoldier gets to work sending more booby-trapped messages, spreading itself further in the process. In some cases a free version of a mobile game may even be installed to distract the user and cover up the fact the smartphone has become a spam-spewing bot.

The software nasty is spreading in the US, according to mobile anti-spam specialist Cloudmark.

"Once infected, a user's phone will be used to silently send out thousands of spam SMS messages without permission to lists of victim phone numbers that the malware automatically downloads from a command-and-control server," according to Cloudmark researcher Andrew Conway. "We've seen a peak rate so far of over half a million SMS messages per day."

"This sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for messages that are sent if he can use a botnet to control devices and cover his costs," it added.

The Trojan is distributed from, largely, .mobi sites on a server in Hong Kong. The scammer behind the app first latched onto the idea in late October, brazenly punting the Trojan as an anti-SMS spam utility before switching to mobile gaming last month, a ploy that's proved much more successful. Over the last three weeks or so the unidentified crook behind the scam has started earning cash from his mobile botnet.

"On 28 November the spammer decided to start monetizing," Conway explained in a blog post on the SpamSoldier threat. "The free game messages continued, but there were also free gift card scam messages mixed in."

The bogus gift card messages state:

You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!

"Of course, there are not really any free gift cards, this is just a trick to collect your personal information for affiliate programmes and sometimes identity theft," Conway warned.

Cloudmark described the threat as the "first functioning Android botnet sending SMS spam" although it notes that several PC botnets capable of sending spam via email to text message gateways have occasionally cropped up in the past. Mobile malware that sends SMS messages to premium numbers from compromised smartphones is far more commonplace.

An advisory by phone security firm Lookout confirmed that SpamSoldier is targeting US mobile users; the list of targeted numbers downloaded from the botnet typically contains 100 US numbers at a time. It added that the distribution of the malware remains "relatively limited".

"Even at these limited distribution levels, SpamSoldier still has the potential to make a big impact at a network level: a single prolonged infection could result in thousands of SMS spam messages," writes Lookout researcher Derek Halliday.

"Overall detections remain low but we’ve observed instances on all major US carriers. The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network."

Halliday added: "The sole infection vector appears to be spam SMS messages; we have not yet detected SpamSoldier on any major app stores." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.