Unlike mobile platforms, desktops receive email with malware

Nov 18, 2014 00:01 GMT

The operators of the Asprox/Kuluoz botnet do not serve the same page to Android and iOS users, who land on different websites; recipients running Windows on desktop PCs, meanwhile, get links that deliver a downloader for a backdoor threat (BKDR_KULUOZ.VLU).

It is important to note that the same campaign targets users of multiple devices, and that the emails contain different links depending on the platform they land on.

Mobile threat response engineer Wish Wu from Trend Micro says that the flurry of malicious messages was recorded last week and that the messages claimed to be from the Viber messaging service, which has both a mobile and a desktop version.

Android and iOS users redirected to different locations

The emails pretended to deliver a notification for a voice message available in the recipient’s account.

However, users receiving the alert on a mobile device would sometimes be redirected to a streaming website known for suspicious activities. The researcher said that it would ask the user to register and then charge the provided credit card without the knowledge or consent of the user.

In some cases, it has been observed that Android devices were pointed to the “Go Launcher” app in Google Play, while on iOS the link in the fake message led to a Chinese gaming app on the iTunes website. None of these apps are malicious in nature, the threat response engineer notes in a blog post on Friday.

Other redirects led to adult websites, different for each platform. On some occasions, Android users were led to a blank page containing a link to an APK (Android application package) file that contained URLs to numerous adult websites.

Apart from this, the app would also monitor incoming and outgoing calls, sending a log to a remote server address, hard-coded in the app.

Worth noting is the fact that users were directed straight to links with the malicious APK.
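
The platform-dependent behaviour described above leaves a trace in web proxy logs: the same emailed URL produces different outcomes for Android, iOS and Windows clients. The following detection sketch is an added example, not taken from the researcher's report; the log format, host names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample lines (assumed format, not campaign data):
# time client url status location "user-agent"
SAMPLE_LOG = '''\
2014-11-14T09:01:02Z 10.0.0.5 http://mail-link.example/v.php?id=1 302 https://appstore-a.example/app "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5)"
2014-11-14T09:03:10Z 10.0.0.9 http://mail-link.example/v.php?id=1 302 https://appstore-b.example/game "Mozilla/5.0 (iPhone; CPU iPhone OS 8_1 like Mac OS X)"
2014-11-14T09:05:44Z 10.0.0.7 http://mail-link.example/v.php?id=1 200 - "Mozilla/5.0 (Windows NT 6.1; WOW64)"
2014-11-14T09:06:00Z 10.0.0.5 http://news.example/a 302 https://www.news.example/a "Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5)"
2014-11-14T09:06:30Z 10.0.0.7 http://news.example/a 302 https://www.news.example/a "Mozilla/5.0 (Windows NT 6.1; WOW64)"
'''

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) (\S+) "([^"]*)"$')

def platform_of(user_agent):
    """Coarse platform label; Android is tested first because its UA also says Linux."""
    ua = user_agent.lower()
    if "android" in ua:
        return "android"
    if any(token in ua for token in ("iphone", "ipad", "ipod")):
        return "ios"
    if "windows nt" in ua:
        return "windows"
    return "other"

def find_platform_dependent_urls(log_text):
    """Return {url: {platform: sorted outcomes}} for URLs whose outcome differs by platform."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        _, _, url, status, location, ua = m.groups()
        if status.startswith("3") and location != "-":
            outcome = "redirect:" + (urlparse(location).hostname or location)
        else:
            outcome = "served:" + status  # content returned directly, no redirect
        seen[url][platform_of(ua)].add(outcome)
    flagged = {}
    for url, by_platform in seen.items():
        distinct = {frozenset(v) for v in by_platform.values()}
        if len(by_platform) >= 2 and len(distinct) > 1:
            flagged[url] = {p: sorted(v) for p, v in by_platform.items()}
    return flagged

if __name__ == "__main__":
    for url, detail in find_platform_dependent_urls(SAMPLE_LOG).items():
        print(url, detail)
```

Legitimate sites that send mobile clients to a separate mobile host will also be flagged, so the output is a triage list to correlate with the mail gateway's record of which URLs arrived by email.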

Suspicious messages should be treated with extra care

“While we have seen several threats that work on different platforms, the amount of possible outcomes for this one spam attack is highly notable. It’s also interesting that the spammers behind this attack took great pains to redirect mobile users to different sites based on the platform of their devices,” said the researcher.

Emails can be easily spoofed by spammers to look like they come from a legitimate sender. As such, it is advisable to exercise care when receiving suspicious messages and to avoid clicking on links in them.
