Android 'SMS Stealer' hides in World Cup-themed apps

SMS Stealer allows saboteurs to execute a myriad of malicious feats.

At the height of buzz surrounding the international soccer tournament, mobile users are being tricked into downloading World Cup-themed malicious apps.

On Thursday, Trend Micro warned that more than 375 spurious apps targeting the Android platform had recently cropped up in unauthorized, third-party app stores.

“Upon analysis, we found that the bulk of the malware in question are variants of prevalent mobile malware families,” a Thursday blog post by Trend Micro said.

Researchers found variants of Android trojan OpFake in the third-party app stores – malware that leaves users open to a myriad of scams and threats, such as SMS messages being sent to premium rate numbers, and sensitive data, like contacts and messages, being leaked from their phone.

But the most concerning malicious apps were those spreading Android malware called “SMS Stealer,” Trend Micro found.

Sharing malicious features similar to OpFake, the malware family, ANDROIDOS_SMSSTEALER.HBT, goes a step further in that it connects to an attacker-operated server to execute other commands, which can include blocking victims' incoming texts, sending SMS to other numbers, or installing additional malware on victims' phones.

On Friday, Tom Kellermann, chief cybersecurity officer at Trend Micro, told SCMagazine.com in an interview that SMS Stealer was the most worrisome of the World Cup-themed apps, as it spoke to “the capacity of criminals to colonize Android devices, not just for premium messaging abuse, but for other malicious purposes.”

“Because it can be utilized as part of a botnet, [SMS Stealer] can be updated to manipulate text messages, or turn Bluetooth on and off [for instance],” Kellermann continued. He later added that the malware could cause infected devices to “smish” (or text malicious links to) contacts, such as family, friends and coworkers.  

In the blog post, Trend Micro advised users to minimize threats to their devices by only downloading apps from trusted sources.

“While it may be a fact of life that big sporting events like these will inevitably have some sort of cybercriminal attack or campaign following close behind, being a victim of them isn't,” the blog post said. “Users are reminded not to download anything from third-party app download sites, and to utilize mobile security solutions… in order to keep their mobile devices secure.”
