New malware, which targets Android users with the offer of a system upgrade, has been discovered. UpdtBot (Update Bot), as it is known, spreads via SMS messages but is really a malicious app which allows the device to be controlled by a remote Command and Control (C&C) server to send text messages, make phone calls, and download and install apps.
The unsuspecting victims receive a SMS message which tells them that their system is at risk and they should install the latest Android update. But the link provided isn’t for a new firmware update but in fact for a malicious app. The problem with text messages is that they are very common place and have a high read rate (meaning that most people read every message they receive), coupled with the fact that users seem to trust text messages, it means that victims all too easily follow links sent via text message.
Once the link is followed and the app is installed, Updtbot talks with the C&C server and awaits instructions. It is likely that the cyber criminals will attempt to make money from this malware by causing the infected phone to call premium rate numbers or send text messages to premium rate services. There is also the possibility that they will attempt to install other malware on the device including banking trojans and key loggers.
According to the research done by the NQ Mobile Security Research Center, over 160,000 Android devices have been affected by UpdtBot. However it looks initially as if these infections are mainly on Chinese mobiles. There are no current reports that the malware has made its way into Google Play or the Amazon Appstore.
It is important to use common-sense when installing apps on your device and when following links sent by email or SMS. In particular: