PandaLabs security firm has identified malicious Android apps available on Google Play that can sign up users for premium SMS subscription services without user knowledge. The malware has infected at least 300,000 Android devices, although the number of downloads could have reached 1,200,000.
“Without the user knowledge the app will get the phone number of the device, will go to a website and will register it to a premium SMS service. This service require a confirmation to be activated, which means it sends a SMS to that number with a PIN code, which have to be entered back to end the process and start changing you money. This app waits for that specific message, once it arrives it intercepts its arrival, parses it, takes the PIN number and confirm your interest in the service. Then it removes it, no notification is shown in the terminal and the SMS is not shown anywhere. Again, all this is done without the user knowledge.” states the PandaLabs blog post.
The experts at Panda Labs estimated that the average each victim gets charged by these apps is $20 and considering that overall number of downloads is between 300,000 and 1,200,000, this means that the cyber criminals could have made between $6 million and $24 million.
It’s not the first time that a malware is served via Google Play store, in the past popular banking trojan like Carberp has been spread through the official channel.
Be careful to what you install on your mobile and evaluate the permissions apps need to be installed, they could allow malicious code to cause serious problems.
(Security Affairs – Android, SMS)
Google addressed a Chrome's Password Manager bug that caused user credentials to disappear temporarily for…
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS…
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks.…
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report…
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization…
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers…
This website uses cookies.