SMSFactory Android virus secretly subscribes to premium services

SMSFactory Android virus secretly subscribes to premium services

Tech Highlights:

  • According to Avast, SMSFactory targeted more than 165,000 of its Android customers between May 2021 to May 2022, most of them located in Russia, Brazil, Argentina, Turkey, and Ukraine. While SMSFactory’s main goal is to send premium text and make calls to premium phone numbers, Avast researchers noticed a malware variant that can also steal the contact list on compromised devices, likely to be used as another distribution method for the threat.

  • Security experts have issued a warning about an Android virus known as SMSFactory that adds unwelcome charges to users’ phone bills by enrolling them to premium services. Although the exact number of victims is unknown, attempts to infect Android devices have been documented for tens of thousands of Android users in at least eight countries who are covered by Avast security solutions. Malvertising, push notifications, commercial pop-ups on websites, and films offering game hacks or pornographic material access are just a few of SMSFactory’s distribution methods.

Jakub Vávra of Avast notes that SMSFactory is hosted on unofficial app stores. ESET researchers found the malicious APK package on APKMods and PaidAPKFree, two Android app repositories that lack vetting and proper security policies for the listed products. The SMSFactory APK may come under different names and when trying to install it on the device, a warning kicks in from Play Protect – Android’s built-in security system, alerting users about the potential security risk from the file.

The app itself has no assigned name or icon and can remove the latter from the screen to make more difficult its removal after exiting. As a result, most victims assume that something went wrong with the installation and don’t give another though about the app. Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. An open source advocate and Linux enthusiast, is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, as well as by exploring the intricate ways through which tech is swiftly transforming our lives.

The permissions requested upon installation include accessing location data, SMS, ability to make phone calls and send SMS, wake lock and vibrate, manage overlay, use the entire screen, monitor notifications, and start activities from the background. These are all permissions indicative of malicious activity, but careless users who look forward to accessing the promised content are likely to allow them without reviewing. Once installed, the app shows the victim a fake content screen to a service that doesn’t work or is mostly unavailable.

We will be happy to hear your thoughts

      Leave a reply

      Tech Reviews, News and Guides
      Logo