Lookout has named the Trojan SpamSoldier, and warns that it has the potential to make a big impact at a network level as a single prolonged infection could result in thousands of SMS spam messages.
Potential victims have been receiving a number of different spam text messages with links leading to the malware:
- Tired of SMS Spam? Download our free SMS Blocker today to finally rid yourself of unwanted messages! Download now at http://[redacted].com
- Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://[redacted].mobi for next 24hrs only!
- You have just won a $1000 Target Gift Card but only the 1st 777 people that enter code 777 at http://[redacted].com can claim it!
In the first two examples, the downloaded bogus game and security apps would be installed on the victims' Android devices and would sometimes work as intended. Unfortunately, alongside them the SpamSoldier Trojan is also installed.
The malware first hides its presence by deleting its icon from the launcher, then contacts a C&C server from which it receives the SMS spam message it will be sending out and a list of 50 to 100 US phone numbers to which to send it. Upon receiving all this information, it immediately starts to send out the spam messages every few seconds.
According to the researchers, the Trojan checks with the C&C server every 65 seconds for more numbers. Affected users are unlikely to spot its activity, as the Trojan intercepts any replies to the spam it has sent.
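The sending pattern described above (one identical message fanned out to a batch of 50 to 100 numbers, a few seconds apart) can be turned into a simple detection heuristic over outbound SMS records. The following is an added example, not code from Lookout or Cloudmark; the record format, thresholds, device names and sample data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed thresholds, derived from the behaviour reported in the article.
MIN_RECIPIENTS = 50      # smallest batch of numbers the C&C hands out
MAX_MEDIAN_GAP_S = 10    # "every few seconds"; median tolerates the 65 s poll pause
WINDOW_S = 600           # look at ten minutes of traffic at a time

def flag_spam_senders(records):
    """records: iterable of (timestamp_s, sender, recipient, body).
    Returns {sender: (body, distinct_recipients)} for senders that push one
    identical body to many distinct numbers at a machine-like pace."""
    groups = defaultdict(list)
    for ts, sender, recipient, body in records:
        groups[(sender, body)].append((ts, recipient))
    flagged = {}
    for (sender, body), sends in groups.items():
        sends.sort()
        start = 0
        for end in range(len(sends)):
            # Shrink the window until it spans at most WINDOW_S seconds.
            while sends[end][0] - sends[start][0] > WINDOW_S:
                start += 1
            window = sends[start:end + 1]
            if len({r for _, r in window}) < MIN_RECIPIENTS:
                continue
            gaps = [b[0] - a[0] for a, b in zip(window, window[1:])]
            if median(gaps) <= MAX_MEDIAN_GAP_S:
                flagged[sender] = (body, len({r for _, r in sends}))
                break
    return flagged

def sample_records():
    """Constructed records (fictional 555-01xx style numbers), not real traffic."""
    # device-A: same body to 60 distinct numbers, one every 3 seconds.
    recs = [(1000 + 3 * i, "device-A", f"+1555010{i:04d}", "PRIZE-LURE (constructed)")
            for i in range(60)]
    # device-B: ordinary user, different bodies, minutes apart, 3 contacts.
    recs += [(1000 + 400 * i, "device-B", f"+1555020{i % 3:04d}", f"msg {i}")
             for i in range(5)]
    # device-C: one group announcement to 8 contacts; fast but far below a batch.
    recs += [(2000 + 2 * i, "device-C", f"+1555030{i:04d}", "Party at 8!")
             for i in range(8)]
    return recs

if __name__ == "__main__":
    for sender, (body, count) in flag_spam_senders(sample_records()).items():
        print(f"{sender}: {count} distinct recipients, body={body!r}")
```

Only `device-A` is flagged; the group announcement from `device-C` stays below the batch-size threshold even though its messages are seconds apart.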
"The sole infection vector appears to be spam SMS messages; we have not yet detected SpamSoldier on any major app stores," Lookout researchers point out. "The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time. The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier’s network."
"Compared with PC botnets this was an unsophisticated attack. However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs. Now that we know it can be done, we can expect to see more complex attacks that are harder to take down," say Cloudmark researchers.
As always, users are advised never to download apps from third-party sites to which they were sent by links in unsolicited text messages and emails.