SpamSoldier SMS spamming botnet found targeting Android devices

December 17, 2012
9
224

Android Malware, Viruses, and Malicious Apps

We continue to talk about Android malware today – after seeing not one, but two reports in recent days detailing malware expectations in the mobile worlds for 2013, but also after hearing about the Samsung Exynos exploit that could make things easier for malicious apps.

This time around we’re looking at an article posted on the blog of security firm Lookout about a newly discovered SMS spamming botnet. Called SpamSoldier, the spammer botnet “uses infected phones to send a barrage of SMS spam messages without the user’s consent.” Here are some text examples:

  • “You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!”
  • “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”

As you can see, Android users are also targeted by the botnet, which itself is spreading via such SMS messages. Thinking they get deals on certain apps, users click on links provided in such messages at which point the malicious apps installs itself on the smartphone, deletes it tracks and starts, well, doing its job: sending SMS messages.

Once installed, the app spams 100 U.S. phone numbers at a time. When it’s done with each batch it reloads with another fresh set. Meanwhile users don’t know what’s happening as the app deletes outgoing messages and intercepts any SMS replies to the messages it sends.

So far, the impact is seen as “limited,” but while detections “remain low,” Lookout has observed “instances on all major U.S. carriers.” Obviously, Lookout says its own app detects the threat, both the Free and Premium versions.

Has anyone been affected by such a malicious app? How did you discover it?

Comments