• Thu. Dec 1st, 2022

New Android Malware Subscribes to Premium Services, Leading to High Mobile Phone Bills

ByCindy J. Daddario

Jun 6, 2022
Cybersecurity major AVAST has identified a new malware attacking Android smartphones. The newly detected malware is called “SMSFactory” and, as the name suggests, the malware subscribes to premium SMS services and hotlines, all without the knowledge of the victim.
AVAST has detected the presence of SMSFactory in Russia, Brazil, Argentina, Turkey, Ukraine, United States, France and Spain. “These numbers appear to be part of a conversion scheme, where the SMS includes an account number, identifying who should receive the money for the messages sent. Undetected, it can drive up a high phone bill, up to $7 per week or $336 per year, leaving victims with a nasty surprise,” says AVAST.

How Does SMSFactory Malware Spread?

Related News

Indias VPN Saga and the Illusion of Privacy

India’s VPN saga and the illusion of privacy

Chinese hackers are now using Follina a zero-day vulnerability in Microsoft Office against the international Tibetan community

Chinese hackers are now using “Follina”, a zero-day vulnerability in Microsoft Office against the international Tibetan community

AVAST has found a version of the malware capable of extracting victims’ contact lists, which may further spread the malware. However, the company believes that the malware spreads through several channels such as –

  • Push notifications
  • Promotional pop-ups
  • video game hacks
  • Access to adult content

How it works?

Once the victim falls prey to the clickbait and downloads the malware, “Once installed, the user is greeted with a welcome screen. Clicking accept will enable the application’s malicious behavior. The application then presents to the ‘user a basic menu of videos, adult content and games that either don’t work or aren’t available most of the time,’ says AVAST

Related News

Crooks use this new trick to gain access to OTP

Crooks use this new trick to gain access to OTP

Security Alert Smartphones powered by UNISOC chips vulnerable to remote hacking

Security alert: smartphones powered by UNISOC chips vulnerable to remote hacking

The malware also tries hard to stay undetected, it doesn’t even have an app icon or app name. “It’s obvious that the malware relies on the user forgetting the app on their phone.”

Once hidden, the malware communicates with a predefined domain. It sends a unique identifier assigned to the device, its location, phone number, carrier information, and phone model. “If the threat actors behind this campaign deem the victim’s device usable, the domain sends instructions back to the device. This will either be a list of phone numbers that the malware will send premium SMS to or a specific number that the app will attempt to call,” says AVAST. Raking the victim’s mobile phone bill.

When testing AVAST, researchers found a daily charge of $1 for every ten SMS messages sent, or $30 per month. And if the victims do not notice the app or the charges or even forget that the app is installed on their device, a very inflated phone bill will reach them at the end of the month.

How to stay away from such malware?

  • Install your apps from Google Play only.
  • Install an antivirus on your smartphone
  • Stay alert to what all apps reside on your phone, don’t install and don’t forget.