14 DAY TRIAL // It’s not uncommon for worms that target computers to spread through links in emails, instant messaging services or social media messages. However, it is uncommon for Android malware.
Researchers from ESET have spotted such a threat and dubbed it Android/Samsapo.A. After it infects a smartphone, the malware sends a text message reading “Is this your photo?” (written in Russian) to the victim’s entire address book.
The link that’s included in the SMS messages points to a malicious APK package. This way the malware is distributed from one Android phone to another.
Samsapo is disguised as a system utility (com.android.tools.system v1.0), it has no graphical user interface and no icon. Once it finds itself on a smartphone, the malware is capable of performing various actions, including downloading additional malicious files, sending SMSs to premium rate numbers, blocking phone calls, and modifying alarm settings.
The threat can also act as a piece of spyware. More precisely, it can upload phone numbers, text messages and other information from the infected device to a remote server.
The malware requests a large number of permissions when it’s installed in order to be capable of performing all these actions.
The domain from which Samsapo.A is being distributed was registered on April 24, 2014. For the time being, the worm only appears to target Russian users.