BitDefender has announced the discovery of a new piece of Android malware, identified as Android.Trojan.KuSaseSMS. This mobile threat propagates by means of self-advertising links sent by unwary users via two clean online video stream viewers available on the Google Android Market, cleverly encouraging friends to infect each other.
The user has the option to send an SMS or an e-mail message to promote the respective viewers to their contacts and friends. If this option is chosen, a predefined text will be entered in the "default sms/email client". The SMS or e-mail will only be sent after the user chooses a recipient. The predefined text for both viewers contains the same link which actually takes the recipient to a malicious app, identified as Android.Trojan.KuSaseSMS. The Trojan sends 6 SMS to number “10086” (a Chinese phone service number) and it blocks all SMS coming from numbers beginning with “10”.
The friends or contacts of the person having accessed the viewers are the intended victims of this malware dissemination scheme. Once they have installed the malicious Android.Trojan.KuSaseSMS app, it accesses an alleged update link which in fact opens up the way to another malicious code that is similar in behavior to HippoSMS. HippoSMS is known to piggyback apparently legitimate applications available on alternative Android markets and to send SMS messages to premium rate numbers. To put it simply, it is the friends and contacts of Android app users that are at risk here, not the app users themselves.
Catalin Cosoi, Head of the BitDefender Online Threats Lab commented: “This could well be the first time that Android users are tricked into putting their friends at risk. Whilst these two apps could easily send the infected links themselves, the chances of users becoming suspicious and the scam getting detected would have been a lot higher. By using their friends and contacts to effectively endorse the safety of the links, it’s likely that a higher number of people will let their guard down and click through. I have to say this is a pretty ingenious way to spread malware, and we may well see more of this technique in future.”
Android users are recommended to always download applications from trustworthy locations and not to resort to alternative application markets. In addition, they should carefully read the permissions requested by applications they intend to install so as to be able to assess the possible risks they are exposed to more accurately. Finally, monitoring the smartphone for unusual behavior will help keep users safe.
BitDefender users can keep their smartphones safe from harm using BitDefender Mobile Security, which uses new in-the-cloud antivirus services to efficiently scan the device and prevent malicious applications from being installed.