Feeds

Android SMS worm punts dodgy downloads... from your MATES

If a friend texts you a URL, for pity's sake don't open it

Gartner critical capabilities for enterprise endpoint backup

Internet ne'er-do-wells have put together a strain of Android malware that spreads like a email worm rather than acting like a conventional trojan.

Selfmite spreads by automatically sending a text message to contacts in the infected phone’s address book. Theses SMS messages contain a URL that redirects to the malware: ‘Dear [NAME], Look the Self-time, http://goo.gl/[REDACTED]'.

If a user clicks on the goo.gl shortened link, they are invited to download and install an APK file which appears as an icon on their smartphone menu after installation.

Once launched, Selfmite reads the device’s address book before sending the message to 20 different contacts using their name as a greeting, restarting the infection cycle. After sending the malicious SMS messages to fresh marks, the initial victim is invited to download and install Mobogenie, a legitimate app for managing and installing Android apps.

Affiliates get a pay-per-install fee for distributing Mobogenie and using unscrupulous tactics to ramp up this income seems to have motivated the attack.

Mobile security firm AdaptiveMobile, which has begun blocking the spread of messages containing links to the worm, has found infected devices on mobile networks in North America. The worm was first discovered in the US, where it seems concentrated, but activity has also been recorded from a dozen other countries worldwide, according to AdaptiveMobile.

Android Trojans that pose as games or useful utilities are commonplace, especially on third-party app stores. These malicious apps typically offer access to premium games for little or no charge, a potential give-away to more clued-up users. Selfmite comes in a message "sent" by someone known to a potential victim, a different tactic that's perhaps more likely to be believed.

“SMS worms for Android smartphones have previously been rare, but this and the recent Samsapo worm in Russia may indicate that cybercriminals are now starting to broaden their attacks on mobile phones to use different techniques that users may not be aware of,” Denis Maslennikov, a security analyst at AdaptiveMobile explained.

To redirect users to the Mobogenie app, the Selfmite worm uses an advertising platform.

"We believe that an unknown registered user of the advertising platform abused a legal service and attempted to increase the number of Mobogenie app installations using malicious software," Maslennikov added.

In addition to boosting affected users' bills, by automatically sending SMS spam messages, the worm puts the infected device in danger of being blocked by the mobile operator. AdaptiveMobile has contacted Google and the malicious URL has already been disabled.

AdaptiveMobile's write-up of the threat - featuring screenshots and code samples - can be found here.

Separately, mobile security firm Lookout has discovered a strain of Android malware in Google Play, dubbed BankMirage.

BankMirage is a fake banking app that clones the original app from an Israeli bank while adding a layer of code which steals victims' usernames, according to Lookout's blog post about the malware.

Curiously, the app steals users’ credentials but not their passwords. Once this information has been stolen, the fake app prompts the victim to reinstall the legitimate banking app from the Play store. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?