June 27, 2014
Android Devices Being Targeted By New Text Messaging Worm
Peter Suciu for redOrbit.com - Your Universe Online
Security researchers this week identified a new Android worm that reportedly propagates itself to users via links in text messages. Once installed on a user's device the malware, which has been dubbed Selfmite, can send a text message to 20 contacts from the device owner's address book.
This malware is worrisome to security researchers because unlike most it isn't exactly a Trojan, and the fact that it has been discovered on Android devices also has suggested that the mobile platform could become increasingly susceptible to these types of viruses.
"SMS worms for Android smartphones don't appear very often," Denis Maslennikov of Adaptive Mobile wrote in a blog post earlier this week. "The vast majority of Android malware that has been discovered to date can be treated as trojans. But it doesn’t mean that other types of malware like SMS worms don't exist. Recently an SMS worm dubbed Samsapo was discovered and analyzed by a number of antivirus companies. Samsapo used a pretty common monetization mechanism: it was able to subscribe an infected device to a premium-rate service. It was also capable of stealing various types of personal information from a smartphone."
The messages sent by the malware contain a contact's name and reads: "Dear [Name], Look the Self-Time," which is followed by a goo.gl shortened URL, which actually points to an APK (Android application package) file called TheSelfTimerV1.apk. If installed the malware can try to spread itself. It also tries to convince users to download mobogenie.
That is actually a legitimate application that can be used to sync an Android device with a PC, while also providing a way to download apps.
Computer World reported that "The Mobogenie Market app was downloaded over 50 million times from Google Play, but is also promoted through various paid referral schemes, creating an incentive for attackers to distribute it fraudulently."
"As a result we believe that an unknown registered advertising platform user abused legal service and decided to increase the number of Mobogenie app installations using malicious software," Maslennikov added.
Adaptive Mobile reportedly found that the click-throughs for the goo.gl Mobogenie redirect currently totaled more than 210,000, which suggested that the campaign was reasonably successful. There are several notable downsides for users beyond being a shill in this ad-based scam.
"The worm can use up their billing plan by automatically sending messages that they would not be aware of, costing them money," explained Maslennikov.
Selfmite is the second such Android threat discovered in as many months.
Info Security Magazine also reported, "Malicious Android apps continued to grow in volume this year, reaching the two million mark in the first quarter of 2014, despite hitting one million just six months previously, according to Trend Micro."
In May redOrbit reported that Android, which is now the dominant mobile OS, is now overwhelmingly the prime target for malware. More than 99 percent of new mobile threats discovered by F-Secure during the period of the report were for the open source platform. The report identified 277 new threat families and variants. Of those 277, 275 targeted Android, one targeted iPhone and one targeted Symbian. The number of threats has increased since the same period last year when F-Secure identified 149 new threat families and variants, 91 percent targeted Android.