Application security, Malware

Widespread Android SMS stealer campaign detailed

Share
Women hand using smartphone typing, chatting conversation in chat box icons pop up. Social media maketing technology concept.Vintage soft color tone background.

Numerous Android devices around the world, especially those in India, Russia, Brazil, Mexico, and the U.S., have been compromised as part of a massive SMS and one-time password stealer campaign, according to BleepingComputer.

Malicious Android APKs with the stealer malware have been spread not only via malvertising but also through 2,600 Telegram bots that seek targets' phone numbers in exchange for the APK file, with the malware exfiltrating SMS messages to a 'fastsms[.]su' API endpoint, a report from Zimperium researchers showed. With the Fast SMS website enabling virtual phone number access, attackers could then use requested Android SMS access permissions to allow the capturing of OTPs from more than 600 services. Aside from prompting unauthorized mobile account charges, such a compromise could also implicate victims in illicit activities involving their phone numbers, according to researchers, who urged against APK downloads outside the Google Play Store, as well as the granting of excessive app permissions while recommending Play Protect activation.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.