Researchers have detected that quickly spreading Android malware has furthered a fraud campaign in Taiwan.
In a Friday blog post, Trend Micro warned of the threat, “ANDROIDOS_RUSMS.A,” which is delivered via malicious SMS.
Attackers use social engineering (in the form of “urgent” text messages) to get users to click malicious links leading to the malware. After victims install the malicious app, attackers can send SMS from victims' phones and intercept incoming texts, the blog post said.
From there, attackers go on to profit via micropayment fraud – which is similar to premium SMS services, except that an SMS confirmation code is required to complete a transaction, Trend Micro said. Fraudsters circumvent authentication as they are able to intercept victims' text messages.
In Q1 2014, malicious links leading victims to the Android malware were visited nearly 32,000 times, Trend Micro found.