Android users, beware! Text message stealing malware is targeting smartphones to gain access to users’ data

A new wave of malware has emerged, casting a shadow over Android users worldwide. zLabs researchers from Zimperium have uncovered a significant SMS stealer campaign that is stealthily infiltrating devices, siphoning off sensitive information, and funneling it to malicious actors seeking financial gain.

A massive SMS stealer campaign

The initial approach of these hackers often unfolds in one of two deceptive ways. In some instances, victims encounter a fake app advertisement on a compromised webpage. Those who fall for these ads are redirected to a site that closely resembles a legitimate Android app download page. However, the software they unwittingly download is not the promised app; rather, it is malware that requests permission to access their SMS messages.

Another method employed by the SMS stealer campaign involves the use of Telegram bots. Zimperium researchers have identified approximately 2,600 such bots that entice users with the allure of free pirated Android apps. In exchange for these supposed freebies, victims are asked to provide their phone numbers. Unfortunately, the downloads they receive are unique malicious applications disguised as authentic APKs.

Once these cybercriminals gain access to a victim’s device, they exploit personal data for nefarious purposes. The ability to access text messages is particularly alarming, as it allows these malicious actors to capture one-time passwords (OTPs) often required by banks and other financial institutions for user verification.

Zimperium researchers have been monitoring this SMS stealer campaign for nearly two and a half years. During this period, they have documented over 107,000 malware samples linked to the operation, indicating that the perpetrators are continually refining their tactics to maintain effectiveness. The campaign has reportedly ensnared victims in 113 countries, with a notable concentration in India and Russia, but also affecting users in Brazil, Mexico, the United States, Ukraine, and Spain.

In light of this concerning trend, Android users are urged to exercise caution when encountering download links that promise free applications. A Google spokesperson has advised users to leverage the Google Play Protect feature to safeguard their devices against malware. “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services,” the spokesperson stated. “Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

UPDATE: Aug. 2, 2024, 4:23 p.m. EDT This piece has been updated to include a statement from Google.
