14 DAY TRIAL // The JollyBot SMS Trojan identified by researchers from mobile security firm Lookout is interesting because, unlike other similar threats, it’s distributed as a service.
SMS fraud Trojans, the threats that earn crooks money by sending SMSs to premium rate numbers from infected devices, are not uncommon. However, experts are seeing a growing trend in the use of such malware as a service.
The JollyBot malware, apparently coming from Russia, is not bundled with legitimate apps by its creators. Instead, the developers distribute it as a service.
Affiliate customers who subscribe to their services receive a toolkit (SDK) which they use to infect whichever apps they want. The creators of the malware collect a revenue share from those who do all the work.
For the time being, experts haven’t spotted too many infections, most of them being identified within Russia and neighboring countries where the attackers can register premium rate SMS services.
Currently, the only website hosting applications bundled with the malware is Spaces, a Russian social media site. The Trojan has been repackaged with security applications, games, utilities, and adult content.