Android malware sends messages to 20 entries in the address book

Jun 27, 2014 15:13 GMT

A new strain of Android malware has recently been discovered that propagates by sending short text messages to contacts stored on the victim’s infected smartphone.

Unlike other forms of malware, this one, called Selfmite, is not after banking credentials or any other type of sensitive information.

Its purpose is to download a copy of Mobogenie onto the victim’s device. Mobogenie is a legitimate app for managing and installing mobile apps, as well as multimedia content.

This sort of activity led researchers at AdaptiveMobile to the conclusion that Selfmite is part of a software affiliation scheme that pays the cybercriminals for each install of a specific app.

AdaptiveMobile says that the distribution process of the malware begins with the potential victim receiving a short text message from a known contact inviting them to click on a link.

The address actually leads to the Selfmite worm, which is served as an app named The Self-Timer. As soon as it is launched, the worm checks the list of contacts and picks 20 of them as targets for distribution through SMS.

Since it has the name and the phone number, it can customize the message sent to the next potential victim so as not to raise suspicions. The message reads: “Dear [NAME], Look the Self-time, http://goo.gl/******,” and the infection cycle starts again.
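The fan-out described above (one handset sending the same link-bearing text, personalized only by name, to 20 contacts) is visible in messaging logs. The following Python sketch is an added example, not AdaptiveMobile's detection logic or code from the original article; the record layout, thresholds, phone numbers and the `EXAMPLE` link paths are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed record layout: (sender, recipient, unix_time, body).
GREETING = re.compile(r"^(dear)\s+[^,]{1,40},", re.IGNORECASE)
SHORT_URL = re.compile(r"https?://goo\.gl/\S+", re.IGNORECASE)

def template_of(body):
    """Collapse the per-recipient parts (name, short-link path) of a message."""
    t = GREETING.sub(r"\1 <NAME>,", body.strip())
    t = SHORT_URL.sub("<SHORTLINK>", t)
    return re.sub(r"\s+", " ", t).lower()

def find_fanout(records, min_recipients=10, window_s=600):
    """Map (sender, template) -> recipients for every sender that pushed one
    link-bearing template to many distinct numbers inside window_s seconds."""
    groups = defaultdict(list)
    for sender, rcpt, ts, body in records:
        tpl = template_of(body)
        if "<shortlink>" in tpl:          # only link-carrying messages spread
            groups[(sender, tpl)].append((ts, rcpt))
    hits = {}
    for key, events in groups.items():
        events.sort()
        start = 0
        for end in range(len(events)):    # sliding time window
            while events[end][0] - events[start][0] > window_s:
                start += 1
            rcpts = {r for _, r in events[start:end + 1]}
            if len(rcpts) >= min_recipients:
                hits[key] = max(hits.get(key, set()), rcpts, key=len)
    return hits

def sample_records():
    """Constructed traffic: one infected handset plus two benign senders."""
    recs = [("+15550001", f"+155501{i:02d}", 1000 + 2 * i,
             f"Dear Contact{i}, Look the Self-time, http://goo.gl/EXAMPLE")
            for i in range(20)]
    recs.append(("+15550002", "+15550199", 1005, "Dear Sam, lunch at noon?"))
    recs.append(("+15550003", "+15550198", 1010, "Photos: http://goo.gl/EXAMPLE2"))
    return recs

if __name__ == "__main__":
    for (sender, tpl), rcpts in find_fanout(sample_records()).items():
        print(f"{sender} sent '{tpl}' to {len(rcpts)} numbers")
```

Normalizing the greeting and the link path is what lets the 20 personalized messages collapse into a single template; without it each text looks unique and a plain duplicate-message counter misses the burst.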

Only after making sure that the infection is perpetuated does it proceed to direct the victim to the advertising platform address where the Mobogenie download is served.

After the Mobogenie version is installed, it sends some device parameters to a certain URL in order to confirm the installation, and thus the scammers rake in the profit.

The number of downloads for Mobogenie on Google Play is between 50 million and 100 million, which shows that it is a popular app among Android users.

However, there are no signs that the developers of the app are involved in this scheme. Moreover, the developers updated its description with an apology to the users who have been affected by this campaign.

The company representative also says that they have identified a technical issue with one of the promotional partners and a fix is on the way.

“Although we have never intentionally distributed spam advertisements to our users, we would like to take this opportunity to apologise to all of you for any inconvenience this spam may have caused. Having now identified a technical issue with one of our promotional partners, we are currently trying our best to fix this problem as soon as possible,” the post says.

According to AdaptiveMobile, North America appears to be the most affected region, and the company has already blocked the spread to its customers. Google has also been contacted and has disabled the shortened links used in the scam; Mobogenie has been contacted as well, to block the ID responsible for such activity.