Newly discovered mobile malware can increase victims' phone bills, Avast cybersecurity professionals have revealed.

The antivirus company recently detected unique SMSFactory malware being distributed among its Brazilian customers, with mobile users in Russia, Ukraine, Turkey and Argentina also appearing to be in the crosshairs.

SMSFactory inflicts damage by instructing the Android smartphone to send phone calls and text messages to premium rate numbers. It is distributed through unofficial channels, which means you will not find SMSFactory on the Play Store, but you will find it on APKMods and PaidAPKFree, two mobile app repositories with questionable policies. Avast also claims that the attackers promote the app with malicious ads, push notifications, various pop-ups and promotional websites, videos, etc.

Among the various permissions requested by the app, the researchers also found permission to access the contact list (opens in a new tab), so it is very likely that it uses the list to further expand its reach. Other requested permissions include location data, permission to make phone calls, send and read text messages, lock and vibrate, manage overlay, use full screen, track notifications, and start various background activities.

If these permissions weren't big enough to be a red flag, the Android device will also trigger a warning during installation, telling the potential victim that the app is dangerous. However, many appear to have turned a blind eye to the warnings, as the app has "tens of thousands" of installs, Avast said.

Once installed, the application will display a message indicating that it does not work or that the service is not available. Since it hides its name and icon, many users find it difficult to remove it or apparently forget that they installed anything.

However, the application continues to work in the background, maintaining its connection with the C2 server and sending an identification profile of the infected terminal.

Via: BleepingComputer (Opens in a new tab)

Share This