Android 'SMS Stealer' hides in World Cup-themed apps

SMS Stealer allows saboteurs to execute a myriad of malicious feats.

At the height of buzz surrounding the international soccer tournament, mobile users are being tricked into downloading World Cup-themed malicious apps.

On Thursday, Trend Micro warned that more than 375 spurious apps targeting the Android platform had recently cropped up in unauthorized, third-party app stores.

“Upon analysis, we found that the bulk of the malware in question are variants of prevalent mobile malware families,” a Thursday blog post by Trend Micro said.

Researchers found variants of Android trojan OpFake in the third-party app stores – malware that leaves users open to a myriad of scams and threats, such as SMS messages being sent to premium rate numbers, and sensitive data, like contacts and messages, being leaked from their phone.

But the most concerning malicious apps were those spreading Android malware called “SMS Stealer,” Trend Micro found.

Sharing malicious features similar to OpFake, the malware family, ANDROIDOS_SMSSTEALER.HBT, goes a step further in that it connects to an attacker-operated server to execute other commands, which can include blocking victims' incoming texts, sending SMS to other numbers, or installing additional malware on victims' phones.

On Friday, Tom Kellermann, chief cybersecurity officer at Trend Micro, said in an interview that SMS Stealer was the most worrisome of the World Cup-themed apps, as it spoke to “the capacity of criminals to colonize Android devices, not just for premium messaging abuse, but for other malicious purposes.”

“Because it can be utilized as part of a botnet, [SMS Stealer] can be updated to manipulate text messages, or turn Bluetooth on and off [for instance],” Kellermann continued. He later added that the malware could cause infected devices to “smish” (or text malicious links to) contacts, such as family, friends and coworkers.  

In the blog post, Trend Micro advised users to minimize threats to their devices by only downloading apps from trusted sources.

“While it may be a fact of life that big sporting events like these will inevitably have some sort of cybercriminal attack or campaign following close behind, being a victim of them isn't,” the blog post said. “Users are reminded not to download anything from third-party app download sites, and to utilize mobile security solutions… in order to keep their mobile devices secure.”
