Cybercriminals Compromise Legitimate Websites to Distribute SMS Trojans

Webroot researchers have identified a cybercriminal campaign whose main goal is to distribute Android malware that sends SMS messages to premium rate numbers. To ensure the success of their campaign, the attackers are abusing legitimate websites.

One example is a popular Bulgarian site that offers branded watches. Those who visit it are redirected to another website which serves the SMS Trojans.

There are at least three variations of this campaign. In one of them, Russian-speaking users are lured with a fake Adobe Flash Player app.

Besides malicious Flash Players, victims are also promised a new Google Play site and an Android browser.

Once it finds itself on a mobile device, the malware collects information such as IMEI, IMSI, phone brand, and operator data and sends it back to a remote server. After that, it starts inflating the victim's mobile bill by sending SMSs to premium rate numbers.