Sites Breached to Send SMS Trojans

Friday, January 25, 2013 @ 10:01 AM gHale


There is a cybercriminal campaign whose main goal is to distribute Android malware that sends SMS messages to premium rate numbers and to ensure success, attackers are abusing legitimate websites.

One example is a popular Bulgarian site that offers branded watches, said researchers at security provider Webroot. Those who visit it end up redirected to another website which serves the SMS Trojans.

RELATED STORIES
Twitter Fixes Message Spying Bug
Facebook App for iOS Flawed
Facebook Flaw: Webcam Recording
Twitter SMS Vulnerability

There are at least three variations of this campaign. In one of them, Russian-speaking users end up lured with a fake Adobe Flash Player app.

Besides malicious Flash Players, victims also get a promise of a new Google Play site and an Android browser.

Once it finds itself on a mobile device, the malware collects information such as IMEI, IMSI, phone brand, and operator data and sends it back to a remote server . After that, it starts inflating the victim’s mobile bill by sending SMSs to premium rate numbers.



Leave a Reply

You must be logged in to post a comment.