SMSFactory Android Trojan Racks Up Phone Bills
An ongoing malicious campaign was tracked by security researchers. The new malware campaign pushes the SMSFactory trojan that affects Android devices.
The mobile malware targets victims according to geolocation, latching onto phones if the user is in Russia, Ukraine, Turkey, France, Spain, and South America's two largest countries - Brazil and Argentina.
The malware racks up the phone bills of its victims by sending SMS messages to expensive services and making calls to numbers that charge premium rates. The malware authors have gone for a softer approach, with the SMSFactory malware only doing about $7 worth of additional fees per week. This probably helps it remain undetected longer, as the difference in the monthly bill would not be massive, but the malware would still pump over $300 extra charge over the course of a year.
The malware is being distributed using push notifications, malicious ad campaigns, and through websites that allegedly offer cracks for paid software and games, as well as adult content pages.
The malware is also posing as an application that offers access to "the content", according to its initial screen.
Once installed, SMSFactory hides its presence on the victim system, making detection very difficult, especially if the extra monthly bill does not raise any suspicions.