There’s an app for everything — even a Trojan that stealthily takes over Android smartphones and sends out hundreds of spam messages via SMS. Mobile security research company Cloudmark identified the malicious app in December 2012, monitoring its methods and development.
It has been identified as “SpamSoldier”. The Trojan masquerades as an offer of free and popular Android games in order to fool phone users into downloading it. Though described as “unsophisticated”, the mobile spam botnet is nevertheless costly for the victim: the spammer uses the infected phone’s resources, and a shocking phone bill is bound to follow.
Worse, Cloudmark believes this attack to be a simple first foray and expects this to be the foundation of more complex mobile attacks in the near future.
What is SpamSoldier?
SpamSoldier is a Trojan application that utilizes mobile botnet behavior to distribute spam messages through SMS. It begins with an innocuous SMS invitation, offering free games such as Need for Speed, Grand Theft Auto, and Angry Birds Space to the message recipient.
By clicking on the download link embedded in the message, users are unwittingly downloading the Trojan app to their phones. The link leads to a server based in Hong Kong, not to the Android app store, Google Play. Since it connects to a different source, the user is asked to take a few steps to grant permission and disable built-in safeguards. These extra steps ensure that the Trojan can fully take effect.
How does it work?
Once the Trojan has been downloaded, the infected phone becomes a “zombie”. SpamSoldier will initiate botnet behavior, taking over the phone and using it to send out spam messages and further distribute the Trojan.
Upon full installation of the Trojan, it will attempt to connect to a Command and Control server, which will provide the zombie phone with the message and the numbers to contact. Approximately fifty to one hundred numbers will receive the spam messages from the zombie phone. The process repeats itself continuously, with the zombie phone checking with the Command and Control server for new numbers to contact after each set of spam SMS is successfully sent out.
What is particularly insidious is the app’s ability to remain hidden. The app prevents the phone from saving the outgoing spam SMS. Also, it will try to block any replies to the spam SMS. This way, the user remains unaware of what is happening — up until a massive phone bill appears.
Rebooting the phone won’t be any help as the Trojan will simply restart itself, masquerading as a handset service.
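As an added illustration (not code from Cloudmark, Lookout or the original article), the Python sketch below triages a decoded AndroidManifest.xml for the combination of capabilities the behavior above would need: sending SMS, blocking replies, restarting at boot and reaching a server. The permission mapping, the priority threshold, the four-finding cut-off and both sample manifests are assumptions constructed for the example, not taken from a SpamSoldier sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Behavior from the article -> permission an app would need for it (assumed mapping).
BEHAVIOR_PERMS = {
    "sends SMS spam": "android.permission.SEND_SMS",
    "blocks replies": "android.permission.RECEIVE_SMS",
    "restarts after reboot": "android.permission.RECEIVE_BOOT_COMPLETED",
    "polls C2 server": "android.permission.INTERNET",
}
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
HIGH_PRIORITY = 999  # hypothetical threshold: receiver wants SMS before the inbox app

def triage_manifest(manifest_xml: str) -> dict:
    """Report which article-described behaviors a decoded manifest could support."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = [b for b, p in BEHAVIOR_PERMS.items() if p in requested]
    # Before Android 4.4, SMS_RECEIVED was an ordered broadcast, so a receiver
    # with a very high priority could see and abort a message before the inbox.
    for f in root.iter("intent-filter"):
        actions = {a.get(ANDROID_NS + "name") for a in f.iter("action")}
        prio = int(f.get(ANDROID_NS + "priority", "0"))
        if SMS_RECEIVED in actions and prio >= HIGH_PRIORITY:
            findings.append("high-priority SMS receiver")
    # Hypothetical cut-off: four or more findings together warrant manual review.
    return {"findings": findings, "suspicious": len(findings) >= 4}

# Constructed sample manifests (not real apps).
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".SmsHook">
    <intent-filter android:priority="1000">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter>
  </receiver></application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_SUSPECT))
    print(triage_manifest(SAMPLE_BENIGN))
```

No single permission here is malicious on its own; the signal is a sideloaded "game" requesting all of them together.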
Risk and Protection
At present, mobile security agency Lookout believes that the scope of the Trojan is limited. Infection requires additional steps beyond clicking the download link before the Trojan can run. However, attacks are growing as more and more phone users fall for the “free games” offer. The spammers are also expected to use different baits in the future; at present there are also spam links hiding in offers of online gift cards, anti-virus apps, and adult videos.
The best way to prevent infection is to avoid downloading anything from unknown sources. Download apps only from the Google Play store. There have been no reports of Trojan apps infiltrating the official Google app store, so it remains a safe resource.
Spammers will try a variety of ways to dupe mobile users, so it is best to remain vigilant. An offer that seems too good to be true probably is. Avoid downloading from unverified sources and stay safe.
Author Bio: Eric Halberg is a software and technology researcher. He loves sharing his findings through writing and his articles mainly appear on tech blogs.