RuMMS malware using smishing to attack victims: FireEye

FireEye researchers have spotted in the wild a new version of the RuMMS malware family that is attacking people in Russia, using an SMS text message phishing, or smishing, scheme to steal personal and banking data from the phone.

An attack starts with the victim receiving what appears to be an innocuous text containing a malicious link that, when clicked, downloads the RuMMS malware. The first RuMMS infection was observed in January 2016, but on April 3 FireEye noticed new samples emerging.

After establishing itself on the device, the RuMMS app requests admin privileges and runs hidden in the background. It then connects to its command and control server and begins sending texts containing banking information, redirecting incoming texts to the remote server, sending its own texts to phone numbers found on the device, and forwarding incoming calls to intercept voice-based two-factor authentication requests.
