[MART] - Daily Diary #526 - Meet SMSFactory Android Malware

CTAS-MAT ctas-mat at appgate.com
Mon Jun 6 21:57:13 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

06/06/2022 - Diary entry #526:

A new mobile malware targeting Android devices was recently discovered. Named SMSFactory, it subscribes victims to premium services and performs actions such as calls and SMS messages that result in unnecessary and expensive costs to the victims.

Once downloaded and installed, SMSFactory shows a basic menu containing videos, adult content, and games that are usually not available. Meanwhile, behind the curtains, the malware activates its malicious behavior. It also uses several techniques to hide on the device and remain undetected like using a blank icon, removing itself from the home screen, and showing an empty application name in the "Installed Apps" list.

SMSFactory is active since at least May 2021 and it is disseminated through untrusted sources such as push notifications, alerts on websites, and malvertising - a type of attack that uses infected ads to spread malicious content. SMSFactory is very active and already impacted a high number of devices from Russia, Brazil, Argentina, Turkey, and Ukraine.

To defend against threats like SMSFactory, mobile users should pay attention to the app's requested permissions like to perform calls or SMS/MMS messages, and never install apps from untrusted sources.

Kind Regards,

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220606/3868747e/attachment.htm>


More information about the MART mailing list