© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

TrojanSMS malware spreading via two malicious Android app stores

The malware spreads through push notifications, alerts, and malvertising on free video streaming, adult sites, and game-hack pages.

TrojanSMS, which the company calls SMSFactory, siphons money from victims worldwide, including the US, France, and Spain, by sending premium SMS and making calls to premium-rate phone numbers.

“These numbers appear to be part of a conversion scheme, where the SMS includes an account number, identifying who should receive the money for the messages sent. Undetected, it can rack up a high phone bill, up to $7 per week or $336 per year, leaving an unpleasant surprise for victims,” cybersecurity company Avast said.

Avast claims it has protected more than 165,000 people worldwide, including users in Russia, Brazil, Argentina, Turkey, and Ukraine, from this threat this year.

One of the discovered SMSFactory versions can also extract victims’ contact lists to spread the malware further. Due to the nature of this malware, the user is unaware of the damage until they receive their phone bill.

Threat actors have been spreading the malware via two malicious Android app stores and targeting people looking for a game hack, adult content, free video streaming, or similar apps.

Avast noted that the bad actors heavily rely on malvertising. It refers to a type of cyberattack when fraudsters embed malicious code in advertisements to get the user’s device injected with malware. The user is prompted to download a file that is made to resemble the site they were redirected from.

Once the victim installs an app, they are met with a welcome screen.

“Clicking accept will activate the app’s malicious behavior. The app then presents the user with a basic menu of videos, adult content, and games that don’t work or aren’t available most of the time,” Avast said.

To avoid similar scams, users should stick to official app stores, limit premium SMS, and, of course, remain vigilant.

More from Cybernews:

Leaky database exposes job seekers to phishing attacks

Black Basta: a new ransomware group or a Conti faction?

Russia calls for Google ban on Tor

Evil Corp sheds skin to evade US sanctions

Musk to staff: work for at least 40 hours or “depart Tesla”

US shuts down site for trading stolen passwords

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked