Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Possibly the first Android worm, spreading through SMS, found in wild

A new piece of mobile malware spreading in Russia may be the first Android worm in the wild, according to ESET researchers, who believe the malware could make its way to the U.S. before long.

The malware, designed to infect Android mobile devices and carry out trojan-like attacks, was detected by ESET as ‘Android/Samsapo.A,' according to a Wednesday post, which explains it shares a characteristic similar to many worms – it spreads itself through automated systems.

The automated process, in this case, is SMS messages.

Upon infection, the worm accesses and shoots out SMS messages to everyone in the victim's contact list. The message it sends asks, “Is this your photo?” in Russian and contains a link that, when pressed, asks users to install the downloaded malicious APK file.

“It is not known how the first domino piece was set into motion, but the SMS spreading is the most interesting feature of this malware,” Robert Lipovsky, a malware researcher with ESET, told SCMagazine.com in a Wednesday email correspondence. “It's rather uncommon, since Android trojans usually spread by masquerading as [sometimes cracked] legitimate apps.”

The worm is able to download malicious files from specified URLs, upload information on the mobile device to a remote server, register the phone number into a premium SMS service, block phone calls, and alter alarm settings, according to the post.

Although the worm can be spotted as a running service on the device, ultimately, the malware does a decent job of concealing itself by providing no graphical user interface, as well as no application icon, Lipovsky said, adding that the best chance to spot it and stop it is during installation.

“So far this is only a Russian thing, but it is quite likely to make its way to other countries,” Lipovsky said. “SMS trojans – the type that covertly send SMS messages to premium numbers – also started in Russia and Ukraine, but eventually we found malware that 'supported' more than 60 countries across the globe.”

To defend against these types of threats, Lipovsky recommends not installing applications from unknown sources, watching out for social engineering scams, and using updated anti-malware solutions on mobile devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.