Android Users Targeted With New SMS Worm

A new SMS worm dubbed “Selfmite” has been infecting Android devices in a pay-per-install scheme that abuses advertising services, AdaptiveMobile announced last week.

According to the mobile security company, Selfmite is designed to spread via SMS messages that lure recipients to an application called “The Self-Timer” via a shortened Google (goo.gl) link. The URL takes potential victims to a website where they’re instructed to download and install an APK file (TheSelfTimerV1.apk) which creates an icon for “The Self-Timer” app in the infected device’s menu. 

Once executed, Selfmite accesses the address book from which it retrieves the top 20 contacts, and sends them each an SMS message urging them to check out the self-timer application, AdaptiveMobile said. After this task is completed, the worm attempts to open a different URL shortened with goo.gl, which redirects victims to an APK file (mobogenie_122141003.apk) for Mobogenie, a legitimate file and apps manager for Android devices.

Mobogenie, which has between 50 million and 100 million downloads on Google Play, is promoted via various ad platforms, one of which is used in this pay-per-install campaign. Once this particular version of the Mobogenie app is installed on an Android smartphone, it accesses a certain URL to confirm the installation and make sure the individuals behind the scheme get paid for their effort.

“[We] believe that an unknown registered advertising platform user abused legal service and decided to increase the number of Mobogenie app installations using malicious software,” AdaptiveMobile’s Denis Maslennikov explained in a blog post.

Mobogenie is aware of such spam campaigns, which the company says are a result of a “technical issue” with a promotional partner. The company posted an apology to customers on Google Play months ago claiming to be working on addressing the issue, but apparently the app is still installed on phones through shady methods.

Sophos has also analyzed the worm, which the company has dubbed Andr/SlfMite-A. Paul Ducklin, a security evangelist for the company, explained that Selfmite relies on the mutual trust that exists between contacts to spread from one Android phone to the other.

“In theory, a virus like this could spread exponentially, with one victim in Generation One becoming 20 in Generation Two, 400 in Generation Three, and so on, with 20^(N-1) victims in Generation N,” Ducklin explained in a blog post published on Sunday. “In practice, of course, this never happens: many of the potential victims in each generation will delete the message, or ignore it, or have it blocked by their anti-virus.”

While statistics from Google show that on June 24 there had been 2,140 clicks on the malicious URL and over 210,000 on the Mobogenie redirection, AdaptiveMobile reported that Selfmite infections are not widespread at the moment, most likely because the threat was detected early: security firms and Google have already taken steps to protect users. Users in North America appear to be the most targeted, with dozens of infections detected by the mobile security firm.
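The propagation pattern described above (one device sending the same shortened link to about 20 contacts in quick succession) is something a messaging gateway or on-device monitor can flag. The following is an added example, not code from AdaptiveMobile, Sophos or SecurityWeek; the record layout, phone numbers, placeholder links, shortener list and thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of link shorteners to watch; the article only names goo.gl.
SHORT_URL = re.compile(r"https?://(?:goo\.gl|bit\.ly|tinyurl\.com)/\S+", re.I)

def find_sms_fanout(records, min_recipients=10, window=timedelta(minutes=5)):
    """Flag (sender, short URL) pairs sent to many distinct recipients inside
    one sliding time window. Returns {(sender, url): max recipients seen}."""
    events = defaultdict(list)
    for sender, recipient, ts, body in records:
        for url in SHORT_URL.findall(body):
            key = (sender, url.rstrip(".,!?)"))
            events[key].append((datetime.fromisoformat(ts), recipient))
    alerts = {}
    for key, sent in events.items():
        sent.sort()
        start = 0
        for end in range(len(sent)):
            # Shrink the window until it spans at most `window` of time.
            while sent[end][0] - sent[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in sent[start:end + 1]}
            if len(distinct) >= min_recipients:
                alerts[key] = max(alerts.get(key, 0), len(distinct))
    return alerts

def build_sample():
    """Constructed outbound-SMS records: (sender, recipient, ISO time, body)."""
    base = datetime(2020, 1, 1, 12, 0, 0)
    rows = []
    for i in range(20):   # worm-like burst: 20 contacts in under a minute
        rows.append(("+15550001", f"+1555010{i:02d}",
                     (base + timedelta(seconds=3 * i)).isoformat(),
                     "Try this self-timer app http://goo.gl/PLACEHOLDER1"))
    for i in range(12):   # ordinary sharing: same link, one message per day
        rows.append(("+15550002", f"+1555020{i:02d}",
                     (base + timedelta(days=i)).isoformat(),
                     "Photos here: http://goo.gl/PLACEHOLDER2"))
    for i in range(15):   # burst with no link at all
        rows.append(("+15550003", f"+1555030{i:02d}",
                     (base + timedelta(seconds=i)).isoformat(),
                     "Party at 8 tonight"))
    return rows

if __name__ == "__main__":
    for (sender, url), count in find_sms_fanout(build_sample()).items():
        print(f"ALERT {sender} sent {url} to {count} recipients in one window")
```

Only the first device is flagged: the slow sharer never reaches the recipient threshold inside a single window, and the link-free burst is ignored.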

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
