The Inquirer-Home

Rogue Android Skype app is open to premium SMS fraud

Unofficial sources bring unwanted attention
Tue Sep 10 2013, 15:20
Hacker's hands on keyboard

SECURITY FIRM Malwarebytes has warned people who download rogue apps that they can expect to fall into an insecurity trap.

The firm said that SMS Trojans are some of the most prevalent malicious apps, and warned that some can charge people as much as $10 for every crappy message that they send or receive.

Jerome Segura, senior security researcher at Malwarebytes has traced one particularly onerous one back to a fake Skype application. Segura said that the bad app makes its living mostly in Eastern Europe, but can be turned onto any kind of software.

"We navigate to a site pushing a fake Skype update for Android phones (and tablets). We proceed to download the app which is fairly big in size, but is within what we would expect for Skype anyway," he said.

The firm reverse engineered the app and has pulled it apart. It found some modules that relate to Skype but some others that are not documented in Skype's SDK for Android.

"The code is well-structured and each class is named appropriately, quite different when we compare it to malicious Java applets used in exploit kits where everything is obfuscated and encrypted," he said.

"What we have here is the backbone for an SMS Trojan that can - among other things - automatically send costly (premium) SMS messages while running silently in the background."

The app can send a premium SMS message every ten minutes, which sounds costly. Perhaps worse it has been engineered so that it will hide warnings about high cost messages from the user. Other features include logging of phone activity and storing it somewhere.

"The Android operating system comes with certain safeguards and given the current malware landscape it is a very good idea to make sure they are enabled," said Segura.

"The rule of thumb is that you should avoid installing any app that is not in the Play Store. Right there it will dramatically reduce your chances of getting infected." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?