The large number of malicious websites designed to infect Android devices with the well-known Android:FakeInst SMS Trojan have made Avast security experts issue another warning to alert users of its presence. They also advise smartphone owners to beware of shady-looking alternative Android app markets.
Researchers
have found several domains, such as
t2file.net and
uote.net, which store at least 25 new apps that mask the piece of malware.
After users are lured onto these websites, they’re presented with a phony
Downloader program. The truly
evil thing about this app is that it tells the victim that the operation may cost money, but the
Quit button doesn’t work.
Once the installation process begins, there’s nothing you can do, but click on the
Agree or
OK buttons. Of course, there are methods to stop the task, but to the untrained user it appears as he/she has no other choice.
What is even more worrying is the fact that once one of these buttons is pressed, an SMS to a premium rate number is already sent out. To make matters worse, the Trojan contains premium numbers for around 60 different countries worldwide, which means that if the victim isn’t located in Antarctica, he/she will most likely end up with an inflated phone bill.
In order to prevent experts from analyzing the malware, its creators have used AES encryption to make the file inaccessible.
Each SMS sent out by
Android:FakeInst costs around $4 (3 EUR), which means that the cybercriminals behind this operation can earn considerable amounts of money from users who make the mistake of downloading software from alternative markets.
“Never trust weird looking alternative markets and always check the app permissions. If you’ve downloaded a game that asks for SMS and Phone calls permissions, it probably means that someone is about to “play you” instead,” Avast’s Alena Varkočková explained.
Find us on Google+
