Android botnet spreads SMS spam
Posted on 18.12.2012
Researchers from two security firms have detected widespread SMS spam campaigns aimed at making users download a new Android Trojan that ropes their devices into a mobile botnet for sending our more spam.

Lookout has named the Trojan SpamSoldier, and warns that it has the potential to make a big impact at a network level as a single prolonged infection could result in thousands of SMS spam messages.

Potential victims have been receiving a number of different spam text messages with links leading to the malware:
  • Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://[redacted].com
  • Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://[redacted].mobi for next 24hrs only!
  • You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!
With this last, the spammer is also trying to make a few bucks by collecting the users' personal information for affiliate programs.

In the first two examples, the downloaded bogus game and security apps would be installed on the victims' Android devices and would sometimes work as intended. Unfortunately, alongside them the SpamSoldier Trojan is also installed.

The malware first hides its presence by deleting its icon from the launcher, then contacts a C&C server from which it receives the SMS spam message it will be sending out and a list of 50 to 100 US phone numbers to which to send it. Upon receiving all this information, it immediately starts to send out the spam messages every few seconds.

According to the researchers, the Trojan checks with the C&C server every 65 seconds for more numbers. Affected users are unlikely to spot its activity, as the Trojan intercepts the potential replies to the sent out spam.

"The sole infection vector appears to be spam SMS messages; we have not yet detected SpamSoldier on any major app stores," Lookout researchers point out. "The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network."

"Compared with PC botnets this was an unsophisticated attack. However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs. Now that we know it can be done, we can expect to see more more complex attacks that are harder to take down," say Cloudmark researchers.

As always, users are advised never to download apps from third-party sites to which they were sent by links in unsolicited text messages and emails.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //