Same number used earlier to deliver spam with PayPal lures

Aug 22, 2016 01:45 GMT

Mobile security vendor AdaptiveMobile reported last week on an SMS spam campaign that delivered phishing links (a technique also called smishing) and leveraged the Twilio text messaging service.

The company noted this recent shift in the SMS spam market, which until now relied on sending SMS messages from previously infected devices, using mobile malware with worm-like features to self-propagate to other victims.

Incidents of OTT-based SMS spam are increasing

Twilio and other OTT (Over-The-Top) messaging services have been increasingly leveraged for SMS spam, the company noted, citing previous spam campaigns that shifted from device-to-device propagation to a more botnet-like behavior.

Crooks are setting up accounts on services like Twilio and other OTT providers and using these accounts to send out spam to a large number of victims. When their accounts are suspended, they simply create new ones.

For this latest campaign, the crooks used the now classic lure of an SMS message that tells the user he has received an MMS photo and that, in order to see it, he must download and install an Android application (APK file).

Recent campaign delivered apps infected with the DroidJack Android RAT

The crooks behind this campaign showed a general sloppiness, not even bothering to hide mentions of DroidJack, a known RAT (Remote Access Trojan), inside the APK's source code.

DroidJack has been available on the market for several years now and is powerful malware that gives a crook access to and control over an infected Android device. DroidJack includes lots of features, including the ability to access photos, spy via the webcam and microphone, force-install other apps, steal contacts, read and send SMS messages, and a bunch more.

AdaptiveMobile says the same Twilio number used for this campaign was also used in January and then August to deliver smishing messages that lured victims to a fake PayPal page, where the crooks tried to collect their account credentials.

In the past, cyber-criminals also abused OTT carriers to deliver similar smishing campaigns that targeted Craigslist users.

"With the (limited) success of criminals sending spam through OTT carriers, we could be seeing a move by malware authors to follow suit and try their luck," AdaptiveMobile's Jessie Power said.
