Legitimate Android app causes users to infect friends with malware
Android.Trojan.KuSaseSMS encourages users to share via self-advertising links
SYDNEY & AUCKLAND – July 13, 2011 – BitDefender, an award-winning provider of innovative Internet security solutions, has discovered of a new piece of Android malware, identified as Android.Trojan.KuSaseSMS. This mobile threat propagates by means of self-advertising links sent by unwary users via two clean online video stream viewers available on the Google Android Market, cleverly encouraging friends to infect each other.
The user has the option to send an SMS or an email message to promote the respective viewers to their contacts and friends. If this option is chosen, a predefined text will be entered in the default sms or email client. The SMS or e-mail will only be sent after the user chooses a recipient. The predefined text for both viewers contains the same link which actually takes the recipient to a malicious app, identified as Android.Trojan.KuSaseSMS. The Trojan then sends 6 SMS messages to number ‘10086’ (a Chinese phone service number) and it blocks all SMS coming from numbers beginning with ‘10’.
Once the malicious Android.Trojan.KuSaseSMS app has been installed, it accesses an update link which in fact executes malicious code that is similar in behaviour to HippoSMS. HippoSMS is known to piggyback on legitimate applications available on the Android market, and sends SMS messages to premium rate numbers. Put simply, friends and contacts of the infected user would be at risk, not the app user themselves.
Catalin Cosoi, BitDefender Head of Online Threats Lab commented: “This could well be the first time that Android users are tricked into putting their friends at risk. Whilst these two apps could easily send the infected links themselves, the chances of users becoming suspicious and the scam getting detected would have been a lot higher. By using their friends and contacts to effectively endorse the safety of the links, it’s likely that a higher number of people will let their guard down and click through. I have to say this is a pretty ingenious way to spread malware, and we may well see more of this technique in future.”
Android users are recommended to always download applications from trustworthy locations and not to resort to alternative application markets. In addition, they should carefully read the permissions requested by applications they intend to install so as to be able to assess the possible risks they are exposed to more accurately. Finally, monitoring the smartphone for unusual behaviour will help keep users safe.
BitDefender users can keep their smartphones safe from harm using BitDefender Mobile Security, which uses new in-the-cloud antivirus services to efficiently scan the device and prevent malicious applications from being installed.