Saturday, 18 November 2017

AdaptiveMobile uncovers attacks from new SMS worm

AdaptiveMobile
Wednesday 25 June 14

AdaptiveMobile, the world leader in mobile security, today confirmed it has discovered and is actively blocking a previously unknown piece of mobile malware dubbed Selfmite.

The malware spreads via SMS and fools users into installing a worm app which propagates by automatically sending a text message to contacts in the infected phone’s address book. The worm then requests users to install another legitimate app via an advertising platform; the author of the worm is paid every time this legitimate app is successfully installed.

AdaptiveMobile has detected infected devices on operator networks in North America and is blocking the spread of messages containing links to the worm. The worm was first discovered in the US, where it seems to be concentrated, but activity has also been recorded from a dozen countries worldwide.

“Using our unique focus on network-to-handset security, we were able to detect this infection early, limiting the harm done by Selfmite. At the moment North America seems to be the most targeted territory,” said Denis Maslennikov, Security Analyst, AdaptiveMobile.

“SMS worms for Android smartphones have previously been rare, but this and the recent Samsapo worm in Russia may indicate that cybercriminals are now starting to broaden their attacks on mobile phones to use different techniques that users may not be aware of,” said Denis Maslennikov.

The worm spreads by sending users the following SMS, which contains a URL that redirects to the malware: ‘Dear [NAME], Look the Self-time, http://goo.gl/[REDACTED]’. If a user clicks on the goo.gl shortened link, they are invited to download and install an APK file, which appears as an icon on their smartphone menu after installation.

Once launched, Selfmite immediately reads the device’s address book for a name and phone pairing and sends the message to 20 different contacts, using the name as a greeting. After the malicious SMS messages have been sent to the new potential victims, the user is invited to download and install Mobogenie, which is a legitimate app for managing and installing Android apps.
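A network-side check for the pattern described above, as an added example (not AdaptiveMobile's detection logic): it flags senders whose messages match the quoted lure, or who send one short-URL template to 20 or more distinct recipients. The shortener list, reason labels and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Lure wording as quoted in the release; the goo.gl path is redacted there,
# so any path is accepted.
LURE = re.compile(r"^Dear\s+.+?,\s*Look the Self-time,\s*https?://goo\.gl/\S+\s*$", re.I)
# Assumption: which shortener hosts to watch is a local policy choice.
SHORT_URL = re.compile(r"https?://(?:goo\.gl|bit\.ly|tinyurl\.com)/\S+", re.I)
GREETING = re.compile(r"^(Dear|Hi|Hello)\s+[^,]+,", re.I)
FANOUT = 20  # the release says an infected phone texts 20 contacts


def template_of(text):
    """Mask the per-recipient name so personalised copies compare equal."""
    return GREETING.sub(lambda m: m.group(1).lower() + " <name>,", text.strip())


def find_suspect_senders(records, fanout=FANOUT):
    """records: iterable of (sender, recipient, text). Returns {sender: reasons}."""
    reasons = defaultdict(set)
    recipients = defaultdict(set)  # (sender, template) -> distinct recipients
    for sender, recipient, text in records:
        if LURE.match(text):
            reasons[sender].add("selfmite-lure")
        if SHORT_URL.search(text):
            recipients[(sender, template_of(text))].add(recipient)
    for (sender, _), seen in recipients.items():
        if len(seen) >= fanout:
            reasons[sender].add("short-url-fanout")
    return dict(reasons)


def sample_records():
    """Constructed traffic: numbers, names and URL paths are made up."""
    recs = []
    for i in range(20):  # infected handset: same lure, different greeting names
        recs.append(("+15550001", f"+1555100{i:02d}",
                     f"Dear Contact{i}, Look the Self-time, http://goo.gl/EXAMPLE"))
    for i in range(20):  # reworded message: caught by the fan-out rule only
        recs.append(("+15550002", f"+1555200{i:02d}", f"Hi Friend{i}, see this http://bit.ly/EXAMPLE"))
    # ordinary user sharing one link with two people
    recs.append(("+15550003", "+155530001", "Hi Ann, photos here http://goo.gl/EXAMPLE2"))
    recs.append(("+15550003", "+155530002", "Hi Bob, photos here http://goo.gl/EXAMPLE2"))
    for i in range(25):  # chatty user: many recipients, no links
        recs.append(("+15550004", f"+1555400{i:02d}", f"Hi Pal{i}, running late"))
    return recs


if __name__ == "__main__":
    for sender, why in sorted(find_suspect_senders(sample_records()).items()):
        print(sender, sorted(why))
```

The exact-wording rule fires on a single message, while the fan-out rule still catches a sender if the text is reworded, at the cost of needing the full batch of 20 before it triggers.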

“There is a monetisation aspect to this worm. To redirect users to the Mobogenie app, the Selfmite worm uses an advertising platform, therefore we believe that an unknown registered user of the advertising platform abused a legal service and attempted to increase the number of Mobogenie app installations using malicious software,” said Denis Maslennikov.

In addition to impacting users' billing plans by automatically sending spam messages, the worm puts the infected device in danger of being blocked by the mobile operator. AdaptiveMobile has contacted Google and the malicious URL has already been disabled.

