Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Android worm ‘Selfmite’ pulls pay-per-install scam

Researchers have found a rare SMS worm targeting Android devices, which is being used to further a pay-per-install scheme.

In a Wednesday blog post, security firm AdaptiveMobile revealed that the worm, dubbed “Selfmite,” had only been detected on dozens of devices in North America, before the company stopped further propagation. But researchers noted the unique attack method leveraged by miscreants.

Victims receive SMS messages containing a shortened goo.gl link, which actually leads to the Selmite worm. The malware will then immediately text victims' contacts, continuing the malicious cycle via the spread of malicious URLs.

AdaptiveMobile noted that Selmite will also invite users to download a legitimate app, Mobogenie, which allows attackers to profit on a per download basis. The discovery of Selfmite comes two months after ESET researchers found “Samsapo,” – believed to be the first Android worm in the wild.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.