Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Suspicious Mobile App Sends Bulk Messages

Promises of easy money should be taken with a grain of salt – especially when they come with a request to download a mobile app.

Promises of easy money should be taken with a grain of salt – especially when they come with a request to download a mobile app.

Case in point is Bazuc, an application that was available earlier this month in the Google Play Store. It has since been taken down. But at one point, it may have been downloaded as many as 50,000 times, according to Lookout Mobile Security.

“Once you’ve downloaded the app, Bazuc can be used to send virtually untraceable SMS messages in bulk, which look like they came from your phone,” blogged Marc Rogers, a researcher with Lookout. “In fact, they did come from your phone. The authors of Bazuc are charging companies to have users send out these cheap SMS messages on their behalf, helping the companies bypass spam detection and automated anti-fraud systems. This operation is putting personally- identifiable information at risk, exposing targeted users to phone calls and SMSs from unknown people, and swindling operators out of money.”

On the surface, it doesn’t sound like a bad deal. Bazuc, Rogers explained, is actually a pair of applications: ‘Bazuc Earn Money’ and ‘Bazuc Free International SMS’. Bazuc Earn Money offers to pay $.001 per message, and tells the user they may earn as much as $30 a month. However to earn that $30, 30,000 messages would have to be sent. 

“On the face of it, the “Bazuc Earn Money” app offers people an interesting proposition: the chance to sell the surplus of SMS messages that remain in their monthly quota after they have used their normal monthly amount,” he blogged. “The “Bazuc Free International” SMS app uses the SMS allowance purchased by “Bazuc Earn Money” to enable users to send free SMS messages internationally.”

With Bazuc Free International SMS, when a person tries to send a message to an international number, the app opens the default email, and puts the recipient’s phone number appended with @buzac.com in the ‘to’ field. Afterwards, the user is invited to type a message into the email.

“”Bazuc Free International SMS” remained non-functional for the duration of our testing, suggesting that it may be part of a cover for the dodgy SMS network,” Rogers continued. “By establishing a friendly cover like this, it makes users more comfortable with allowing their devices to be used.”

Lookout investigated the SMS network and found a number of players involved both wittingly and unwittingly – bulk messaging providers, phishers, spammers, banks and smartphone owners. Despite the app author’s claim that the app is used to offer free messaging to users, out of 200 messages Lookout analyzed, they only saw human-to-human messages three times. The majority of the messages appear to be machine-to-machine, with 40 percent being service or transaction alerts and 30 percent PIN code and password messages. Eight percent appear to be advertising spam.

“Although all the messages sent through our test devices were aimed at U.S. subscribers, few if any of the messages appeared to be U.S. in origin,” Rogers wrote. “Some of the identifiable countries of origin that we saw were Nigeria, Russia, Poland and Mexico.”

Several messages were identified to have come from well-known American and African banks. While at first glance the messages appear to be phishing messages, Lookout suspects they may be legitimate. The banks it seems signed up with the bulk SMS messaging network to send customer transaction information, Rogers explained.

“If that’s true, they aren’t alone,” he blogged. “During our examination of the network, we received PIN codes, chat invites, OTP or mobile TAN messages, psychic readings and even a wire transfer.”

“Bazuc is one more in the growing category of grey area threats which operate by finding loopholes in the mobile ecosystem,” he continued. “Rather than Bazuc breaking the Terms of Service, it’s the people who download Bazuc who are violating their operator’s Terms of Service and put themselves at risk of having their cellphone service terminated. It’s the users that are likely to pay the price when operators start to terminate mobile accounts or charge out of bundle rates on those messages. At an average price of $0.10c – $0.15 per out-of-bundle message, these users could be looking at a bill of $300 – $400 for messages. Compare that to the $3 Bazuc paid them.”

“The user is also likely to be left holding the baby when concerned bank customers come calling,” he added. 

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Fortinet warned of three malicious PyPI packages containing code that fetches the Wacatac trojan and information stealer.

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...