Android does get attacked with Trojan apps, that have no self-propagation mechanism. So users don’t notice the malfunction. But here’s a different, rather rare, mode of attack that the Android devices are now facing. Selfmite is SMS worm attack. This is the second of such deadly viruses found in past two months.
Selfmite automatically sends SMS to the user with his name. The SMS contains shortened URL which triggers users to install third part APK file called TheSelfTimerV1.apk. The SMS says, “Dear [Name], Look the Self-time..” Some remote server hosts this malware application. User can find SelfTimer installed in app drawer of their Android devices.
Selfmite worm shows pop-up to download mobogenie_122141003.apk. Mobogenie offers synchronisation between Android devices and PCs. The app has over 50 million downloads on Play Store, but all are through various paid referral schemes and promotion programs.
Researchers at AdaptiveMobile believe that number of Mobogenie downloads are promoted through some malicious software used by unknown advertising platform.
Popular security vendor in North American detected dozens of devices that are infected with Selfmite. Attack campaign was launched using Google. Shortlinked URL of this malicious app was distributed in goo.gl shortlink format. The APK link was visited 2,140 times. Later Google disabled it.
Android devices detect apps from unknown and unauthorized developers. But some users enable installation authentication for apps from “unknown sources”. These are target devices for worms like this.
Researchers at AdaptiveMobile said, “The worm can have access to many of users sensitive information than just installing unwanted applications on infected devices. Worm can copy user’s billing information and use it to steal the money. Worm can also send spam messages for which mobile operator could block user’s phone number. Worm can redirect user to malware infected apks too.”
source: EFYTimes News