SMSFactory Trojan Is Driving Up Android Phone Bills With This Stealthy Tactic
Cybersecurity researchers at Avast have been tracking a trojan that leverages phone calls and SMS messages to perpetrate theft. The researchers have dubbed the trojan “SMSFactory,” which is one of the class names in the malware’s code. The Avast researchers have found the trojan disguised as apps offering access to game hacks, video streaming, and adult content.
The SMSFactory malware embedded in these apps begins by sending device identification and phone service information back to the threat actors behind this malware campaign. The threat actors then send back instructions, directing the malware to regularly send premium SMS messages or make phone calls to premium numbers. These messages and calls direct funds to the threat actors, adding extra charges to victims’ phone bills.
One of the trojan apps includes a terms and conditions section that attempts to explain the trojan’s behavior. This section reads, “PRIVATE APP: Seeing that is an adults only contents app, the app will appear on your desktop as a transparent icon so as to maintain your privacy in the event of other users using your Smartphone.SUBSCRIPTION As long as you have thea pp installed you will be subscribed to the app, so they will send SMS automatically so you can continue enjoying the content.”
Beyond the gaming, video, and adult content apps found by Avast that include the SMSFactory trojan, ESET researchers have discovered two entire app stores that distribute the trojan. Both paidapkfree.com and apkmods.world claim to offer a large variety of popular apps, but instead install apps that exhibit the same behavior as the apps found by Avast and contain the SMSFactory trojan.