Pages

SMS apps on Play Store can become a gateway for malware activities

According to the tweet posted by Maxime Ingrao, a security researcher at Evina, a French software company, a new malware campaign has been discovered targeting Android users.

As per the details, the fraud SMS service provider application, which has over 100,000 installs, is using the victims' phones to create fake profiles on different platforms that may include social media applications as well as Microsoft, and more. These fake accounts can later be used in more malicious campaigns.


The whole process works in a very simple way. Whenever a user installs the application from the Play Store, the user will be asked to allow access to sending messages as well as allowing them to be read.

Once permission is granted, the user will be required to give their cell phone number. After this step, the app initiates the malware function by displaying a fake interface showing the app waiting for the resources to be downloaded, while in the background, the attackers will be getting what they need.

The fake overlay stays on the screen for a long time, so the hackers can start receiving one-time pins or two-factor authentication codes to create or verify fake accounts with the victim’s number without notifying them. The hackers can easily receive and read the security codes being sent to that number.

Once the hackers get what they want, the application freezes and does not move further, forcing the user to remove it from the device.

Later on, the hacked numbers are then sold to buyers who want to create fake accounts on multiple platforms. It was also discovered that the data was transported to another platform, namely Virtual Number, an application offering mobile phone numbers from several countries that can be used to create or verify an already existing account.

The application is still available in the store with a 3.4 out of 5 ratings. The reviews on the app have also highlighted the app being frozen and receiving notifications for an OTP after closing the app.

Thankfully, Google has removed the bad actors from Play Store by banning the developer.

Read next: Hackers are targeting the "Invisible Body" trend on TikTok to spread malicious software

No comments: