There has been a warning from security experts about malware first identified as SMSFactory, an Android-based threat. Through the malware, the victims are subscribed to premium services at an unnecessary cost, which is really expensive.
While Avast has not disclosed how many victims have been affected by the attack, there have been hundreds of attempts to infect Android devices utilizing its products across at least eight countries protected by Avast security software.
It is important to note that SMS Factory has more than one distribution channel, including advertisements like:-
In the period May 2021 to May 2022, SMFactory targeted over 165,000 Android users. While in this attack, most of the users are from the following countries:-
Sending premium SMS texts and making calls to premium phone numbers is the primary objective of SMSFactory.
One of Avast’s researchers noticed a new variant of malware that can also take advantage of compromised devices’ contact lists as well. There are many ways to distribute information, and among them, one of the main methods is to use compromised contact lists.
The security experts on the case determined that SMSFactory is available on a number of unofficial app stores during the investigation. Moreover, the malicious APK package on APKMods and PaidAPKFree were also detected by the security analysts at ESET Security.
Various names may be associated with the SMSFactory APK. The first time it tries to install on the device, the Play Protect security system pops a warning message, and then it blocks the whole installation process.
During installation, a number of permissions will be requested from the user, and here they are mentioned below:-
Once it gets installed, then in the background, the SMSFactory continues all its operations. The SMSFactory establishes a connection with the infected device, and the ID profile of that device is sent over to the C2 server.
To avoid larger bills or to mitigate such situations the cybersecurity researchers have strongly recommended users follow the below-mentioned recommendations:-
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…