Menu
Rare SMS worm targets Android devices

Rare SMS worm targets Android devices

The new Selfmite Android malware spreads by sending text messages with a malicious link to the device owner's contacts

A rare Android worm that propagates itself to other users via links in text messages has been discovered by security researchers.

Once installed on a device, the malware, which was dubbed Selfmite, sends a text messages to 20 contacts from the device owner's address book.

Most malware programs for Android are Trojan apps with no self-propagation mechanisms that get distributed from non-official app stores. Android SMS worms are rare, but Selfmite is the second such threat discovered in the past two months, suggesting that their number might grow in the future.

The text message sent by Selfmite contains the contact's name and reads: "Dear [NAME], Look the Self-time," followed by a goo.gl shortened URL.

The rogue link points to an APK (Android application package) file called TheSelfTimerV1.apk that's hosted on a remote server, researchers from security firm AdaptiveMobile said in a blog post.

If the user agrees to install the APK, an app with the name "The self-timer" will appear in the app list.

In addition to spreading itself to other users, the Selfmite worm tries to convince users to download and install a file called mobogenie_122141003.apk through the local browser.

Mobogenie is a legitimate application that allows users to synchronize their Android devices with their PCs and download apps from an alternative app store. The Mobogenie Market app was downloaded over 50 million times from Google Play, but is also promoted through various paid referral schemes, creating an incentive for attackers to distribute it fraudulently.

"We believe that an unknown registered advertising platform user abused a legal service and decided to increase the number of Mobogenie app installations using malicious software," the AdaptiveMobile researchers said.

The security vendor, which claims that its technology is used by some of the largest mobile operators worldwide, said that it detected dozens of devices infected with Selfmite in North America.

The short goo.gl URL that was used to distribute the malicious APK was visited 2,140 times until Google disabled it. That doesn't mean attackers can't create another URL and launch a new attack campaign.

Giving its current distribution model the threat is likely to only affect users who have configured their devices to allow the installation of apps from "unknown sources" -- sources other than Google Play. Most users don't enable this feature on their phones, but some do because there are legitimate apps that are not distributed through Google Play.

"The impact on the user is not only have they been fooled into installing a worm and other software they may not want; the worm can use up their billing plan by automatically sending messages that they would not be aware of, costing them money," the AdaptiveMobile researchers said. "In addition, by sending spam the worm puts the infected device at danger of being blocked by the mobile operator. More seriously, the URL that the worm points to [in the browser] could be redirected to point to other .apks which may not be as legitimate as the Mobogenie app."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwaremobile securityAdaptiveMobile

Featured

Slideshows

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

This exclusive Reseller News Exchange, in association with Arrow ECS ANZ, ForeScout and StorageCraft, went on the road to debate the early implications of GDPR in New Zealand, extracting opportunities while evaluating challenges for the channel in the year ahead.

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington
Show Comments