Russian SMS Trojan for Android hits US, dozens of other countries

Android malware that sends text messages to premium-rate numbers expanded globally over the past year, researchers warn

An Android Trojan app that sends SMS messages to premium-rate numbers has expanded globally over the past year, racking up bills for users in over 60 countries including the U.S., malware researchers from Kaspersky Lab said.

The malware program, which Kaspersky products detect as Trojan-SMS.AndroidOS.FakeInst.ef, dates back to February 2013 and was originally designed to operate in Russia.

The Trojan disguises itself as an application for watching porn videos, but once installed on a device it downloads an encrypted configuration file and starts sending SMS messages to predefined premium-rate numbers, depending on the user's mobile country code.

For example, when the malware encounters mobile country codes -- special codes used by carriers to identify mobile networks in different countries -- in the range of 311 to 316, which correspond to the U.S., the malware sends three messages that cost $2 each to 97605, the Kaspersky researchers said in a blog post Wednesday.

The malware can also intercept incoming messages and can receive commands from command-and-control servers to send specific text messages to particular phone numbers.

The Kaspersky researchers have identified 14 different versions of Trojan-SMS.AndroidOS.FakeInst.ef and determined that the malware has spread to 66 countries.

"This particular program was the first SMS Trojan to reach users in the U.S.," said Roman Unuchek, senior malware analyst at Kaspersky Lab via email.

According to the antivirus vendor's statistics, the number of Trojan-SMS.AndroidOS.FakeInst.ef victims in the U.S. is still low, with the largest number of infections being recorded in Russia and Canada.

Cybercriminals have used premium-rate SMS Trojans for years to steal money from Android users in China, Russia and other countries where the use of non-official app stores is common. However, Trojan-SMS.AndroidOS.FakeInst.ef and another widespread Trojan called Trojan-SMS.AndroidOS.Stealer.a, which has support for 14 countries, suggest a global escalation for this type of threat.

"It appears that the cybercriminals have built up sufficient resources to expand their illegal business on a global scale," Unuchek said.

The Kaspersky researchers did not clarify how the rogue apps that carry this Trojan are being distributed. The apps are not likely downloaded from Google Play, because Google has gotten much better at policing its app store in recent years. So Android users are probably affected after specifically configuring their phones to allow the installation of apps from "unknown sources."

Many users might have that setting enabled because it's needed to install some legitimate applications that can't be distributed through Google Play for policy reasons -- for example some online poker clients. In addition, attackers could also use social engineering techniques to trick users into enabling support for unknown app sources.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Googlesecuritymobile securityspywaremalwarekaspersky labfraud

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?