Published: July 05, 2022 in our Security Fraud News & Alerts Newsletter.
By now, you thought you knew what to expect from your monthly phone bill. But surprise, that bill now shows expensive SMS (texts) you never sent and premium-priced calls you never made. The answer to this mystery lies with TrojanSMS, the Android malware hiding on third-party app stores.
The extra charges range from $1 a month to $7, month after month. Some victims won’t notice the extra charges, but with countless targets around the world, the added fees quickly add up to big money for the hacker. Avast comments on this crime, saying “These numbers appear to be part of a conversion scheme, where the SMS includes an account number, identifying who should receive the money for the messages sent...” Also called SMSFactory, one version of this trojan steals contacts from the victim’s phone, using them to further spread the malware.
Avast has been tracking this malicious campaign and has shared its findings. It spotted TrojanSMS available in two different third-party Android app stores, disguised as an app offering free access to video streaming sites, gaming hacks, or adult-themed content. Malvertising, push notifications, and alerts are promoting this infected app.
Once downloaded, TrojanSMS hides in a way that’s almost impossible for a victim to detect, so the question mark about higher phone bills remains. However, there are tips on how to avoid downloading TrojanSMS to begin with, and make sure you never download it again.
Avoid downloading apps and other software from third-party stores, a practice also known as sideloading. These stores are well known for not scanning apps thoroughly for malware before making them available. Although the price is right (free), in the end, the cost of recovering isn’t worth it. Download only from the official Google and Apple app stores, or whatever the official store is for your device.
Always read app reviews before downloading. They provide important information, both good and bad. View the most recent reviews first, since early issues can differ from current ones, especially if they involve security. Also, be aware of fake reviews, which are usually short but very sweet.
Always use anti-virus software on your devices and keep it up-to-date with the latest versions and security patches as soon as they are available.
More often than not, the price tag for “free” isn’t worth it, especially online. Trust yourself to make the safest decision and avoid third-party app stores altogether.