Sending an SMS message is so simple and straightforward, you'd think keeping the process secure would be a breeze.
Forget the fancy multimedia messages that lead to exploits like Stagefright, how hard could it be to prevent hackers from hijacking tiny packets of text data? And yet, receiving just one fishy (or phishing) text message can scam you and put your phone in great danger.
This week's mobile threat, reported by security company Malwarebytes, is just the latest example of text-based malware.
When a Stranger Texts
SMS bot, identified by Malwarebytes as Android/Trojan.Spy.Smsbot.ovk, spreads via SMS phishing, or "smishing," URLs. Smishing URLs are used for nefarious purposes like stealing personal information or implanting malware. SMS bot does the latter, installing a malicious app under a fake Google Play Store icon. After loading a JavaScript file, the malware then connects to a remote server to await further commands.
The JavaScript file loads on each new browser instance to ensure constant connection.
What makes SMS bot so dangerous is that it doesn't just monitor incoming calls and messages on an infected Android device, it can also interpret that data to perform specific actions without the victim's consent. Say you get a message from your bank. SMS bot and the server it's connected to now know how to contact your bank. The app could secretly send a message requesting your account balance and all of a sudden hackers have collected some of your most sensitive information.
And in case that wasn't bad enough, SMS bot can also essentially lock you out of your device by keeping the browser as the active screen and making it impossible to dismiss. That's a trick it borrowed from ransomware, one of the slimiest, and most popular, recent types of malware around.
Staying Safe
Since SMS bot travels through text messages, one of the best ways to avoid it is to not open texts that look strange or come from unfamiliar numbers. Messages that want you to reply with personal information or visit weird links are almost always up to no good.
As always, you'll also want to get some kind of security software for your Android device. Fortunately, there are many excellent options to choose from. You could check out Malwarebytes Anti-Malware, or our Editors' Choice award winners Avast! Mobile Security & Antivirus and Bitdefender Mobile Security and Antivirus. Everyone has the right to safely text from the privacy of their own phone.
Source: pcmag.com
0 comments:
Post a Comment