SMS Spam from Android Botnet

Wednesday, December 19, 2012 @ 01:12 PM gHale


There are widespread SMS spam campaigns going out aimed at making users download a new Android Trojan that ties devices into a mobile botnet for sending out more spam.

The Trojan named SpamSoldier has the potential to make a big impact at a network level as a single prolonged infection could result in thousands of SMS spam messages, said researchers at mobile security firm Lookout.

RELATED STORIES
Dorkbot Worm Goes Global
Secure Message not so Secure
Botnet Back and Thriving
Botnet Hides on Tor Network

Users have been receiving a number of different spam text messages with links leading to the malware:
• Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages!
• Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at XXX for next 24hrs only!
• You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at XXXX can claim it!

In the first two examples, the downloaded bogus game and security apps would install on the victims’ Android devices and would sometimes work as intended. Alongside them, however, the SpamSoldier Trojan ends up installed.

With the last item, the spammer is also trying to make some revenue by collecting users’ personal information for some affiliate programs.

The malware first hides its presence by deleting its icon from the launcher, then contacts a C&C server from which it receives the SMS spam message it will be sending out and a list of 50 to 100 U.S. phone numbers to which to send it. Upon receiving all this information, it immediately starts to send out the spam messages every few seconds.

According to the researchers, the Trojan checks with the C&C server every 65 seconds for more numbers. Affected users are unlikely to spot its activity, as the Trojan intercepts the potential replies to the sent out spam.

“The sole infection vector appears to be spam SMS messages; we have not yet detected SpamSoldier on any major app stores,” Lookout researchers said in a blog post. “The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network.”

As always, users should never download apps from third-party sites from which they received links in unsolicited text messages and emails.



Leave a Reply

You must be logged in to post a comment.