You never know what can hide under the interface of a simple app

Nov 25, 2011 13:23 GMT

What may seem to be a legitimate application for monitoring and managing SMSs, calls and internet traffic on an Android smartphone can turn out to be a malicious Trojan that, once it lands on a device, starts sending messages to premium-rate numbers.

Kaspersky Lab experts came across the application, which was designed to target users in Belgium, France, Switzerland, Luxembourg, Germany, Spain and Canada. Unfortunately, this means that these cybercriminals have moved their operations from China and Russia to Europe and North America.

On closer inspection, the app, which was hosted on the web as SuiConFo, turned out to be hiding an SMS Trojan identified as Trojan-SMS.AndroidOS.Foncy, which sends four short messages to premium-rate numbers.

To make the piece of software look as legitimate as possible, its creators made sure that an icon appears in the phone’s menu, but once the app is launched an error pops up, claiming that the Android version is not compatible.

Right after the error shows up, the Trojan uses two public methods to determine the ISO country code of the SIM card. Based on this country code, it sends the four SMSs to one of the eight locations.

An interesting thing about this piece of malware is that it not only sends short messages but also hides incoming SMSs from certain numbers. This is done to make sure that the reply messages received from the premium numbers are not seen by the victim.
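A defender's triage check for the send-and-hide behaviour described above, as an added example that is not from the original article or from Kaspersky Lab: it scans a decoded AndroidManifest.xml for SMS-sending permission combined with a prioritized receiver for incoming SMS. The sample manifest, its package and class names, and the function names are constructed, and it is an assumption that an app of this kind declares these standard Android permissions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (hypothetical package and class names).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.trafficmonitor">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def triage_manifest(xml_text):
    """Summarise the SMS-related capabilities a manifest declares."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(NS + "name") for a in flt.iter("action")}
            raw = flt.get(NS + "priority", "0")
            priority = int(raw) if raw.lstrip("-").isdigit() else 0
            # A positive priority lets the receiver see an incoming SMS
            # before the default messaging app does.
            if SMS_RECEIVED in actions and priority > 0:
                receivers.append((receiver.get(NS + "name"), priority))
    return {
        "sends_sms": "android.permission.SEND_SMS" in perms,
        "reads_sms": "android.permission.RECEIVE_SMS" in perms,
        "priority_sms_receivers": receivers,
    }


def is_suspicious(xml_text):
    """Flag only the combination: SMS sending plus early interception."""
    r = triage_manifest(xml_text)
    return r["sends_sms"] and r["reads_sms"] and bool(r["priority_sms_receivers"])
```

Each indicator alone is common in legitimate messaging apps; the check flags only the combination, which is worth a closer look in an app that advertises itself as a traffic monitor.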

Also, its masters wanted to be aware at all times of the number of victims, so the virus is programmed to send alerts to a French cell phone number, based on the replies sent by the premium numbers.

Because these SMS Trojans can generate a considerable income for their masters, it’s very likely that these malicious operations will be extended to affect citizens of other countries, especially since Android phones are so popular.