Android 'SMS Stealer' hides in World Cup-themed apps
SMS Stealer allows saboteurs to execute a myriad of malicious feats.
At the height of buzz surrounding the international soccer tournament, mobile users are being tricked into downloading World Cup-themed malicious apps.
“Upon analysis, we found that the bulk of the malware in question are variants of prevalent mobile malware families,” a Thursday blog post by Trend Micro said.
Researchers found variants of Android trojan OpFake in the third-party app stores – malware that leaves users open to a myriad of scams and threats, such as SMS messages being sent to premium rate numbers, and sensitive data, like contacts and messages, being leaked from their phone.
But the most concerning malicious apps were those spreading Android malware called “SMS Stealer,” Trend Micro found.
Sharing malicious features similar to OpFake, the malware family, ANDROIDOS_SMSSTEALER.HBT, goes a step further in that it connects to an attacker-operated server to execute other commands, which can include blocking victims' incoming texts, sending SMS to other numbers, or installing additional malware on victims' phones.
On Friday, Tom Kellermann, chief cybersecurity officer at Trend Micro, told SCMagazine.com in an interview that SMS Stealer was the most worrisome of the World Cup-themed apps, as it spoke to “the capacity of criminals to colonize Android devices, not just for premium messaging abuse, but for other malicious purposes.”
“Because it can be utilized as part of a botnet, [SMS Stealer] can be updated to manipulate text messages, or turn Bluetooth on and off [for instance],” Kellermann continued. He later added that the malware could cause infected devices to “smish” (or text malicious links to) contacts, such as family, friends and coworkers.
In the blog post, Trend Micro advised users to minimize threats to their devices by only downloading apps from trusted sources.
“While it may be a fact of life that big sporting events like these will inevitably have some sort of cybercriminal attack or campaign following close behind, being a victim of them isn't,” the blog post said. “Users are reminded not to download anything from third-party app download sites, and to utilize mobile security solutions… in order to keep their mobile devices secure.”