Attention, Android users, this might interest you! Our colleagues at PandaLabs have uncovered a massive new attack on Spanish Android users.
This is a highly elaborate ploy that originates on Facebook, where cyber-criminals are advertising a series of fraudulent apps. Panda Security has contacted Facebook to warn of this malicious advertising campaign on the popular social network.
Trojan apps
The attack works as follows:
– When users access Facebook from their Android mobile device, they will see different messages under the title “Suggested Post” advertising WhatsApp tips like: “Want to know how to see your contacts’ chats on WhatsApp? Find out here!” or “Want to hide your WhatsApp connection status? Download this app so people can’t see you”
– If the intended victim clicks on any of these ads, they are redirected to a fake version of Google Play. The user, thinking that this is the genuine site, downloads the free app, which is really a Trojan that subscribes users to a premium-rate SMS service without their knowledge.
The Trojan checks all inbound messages received on the device and if the sender is the premium-rate SMS service, the message is intercepted and deleted so the user is unaware of the scam.
Yet this technique doesn’t work with the latest 4.4 (KitKat) version of Android, so the creators have come up with an ingenious trick to overcome this: When the message is received, the phone volume is muted for two seconds and the inbound message is marked as read. The app includes an SMS counter, so when the first message is received from the premium-rate service, it reads it to get the confirmation PIN, and registers the user on the corresponding website to activate the premium-rate SMS service.
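One way to triage a suspect APK for the SMS interception described above, as an added example that is not part of PandaLabs' analysis: it scans a decoded AndroidManifest.xml for SMS permissions and for an SMS_RECEIVED receiver with raised priority, which is how an app on Android versions before 4.4 could receive a message ahead of the inbox app. The sample manifest, its package name and its receiver name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.WRITE_SMS", "android.permission.SEND_SMS"}

# Constructed sample: decoded manifest of a hypothetical "WhatsApp tips" app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tips">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <application>
    <receiver android:name=".Inbox">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text, priority_threshold=0):
    """Return findings about SMS-interception capability in a manifest."""
    root = ET.fromstring(xml_text)
    findings = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    held = sorted(perms & SMS_PERMS)
    if held:
        short = ", ".join(p.rsplit(".", 1)[1] for p in held)
        findings.append("sms-permissions: " + short)
    for receiver in root.iter("receiver"):
        name = receiver.get(ANDROID + "name")
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            try:
                prio = int(flt.get(ANDROID + "priority", "0"))
            except ValueError:  # malformed priority: treat as default
                prio = 0
            findings.append(f"sms-receiver: {name} priority={prio}")
            # Above-default priority plus RECEIVE_SMS means the receiver
            # is delivered the message before the inbox app (pre-4.4).
            if prio > priority_threshold and "android.permission.RECEIVE_SMS" in perms:
                findings.append(f"can-preempt-inbox: {name}")
    return findings
```

An empty result does not clear an app; it only means the manifest does not declare this particular capability.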
Anti-competition
This Trojan also deletes any messages sent from the number 22365, another number associated with premium-rate SMS services, although from a company apparently unrelated to this attack. All signs would suggest that this is designed to protect against a specific competitor: If another Trojan tried to register to an SMS service it wouldn’t be able to access the confirmation message, and consequently it couldn’t access the PIN and activate the service.
The cyber-criminals are not just using WhatsApp as bait, but also any topic that could attract users: amazing videos, Candy Crush tricks, Angry Birds tricks, etc.
Be careful!
2 comments
All hackers and scammers should be imprisoned for life, no exceptions.
That’s my comment