Evolution of Android Malware “The touch, the feel of being tricked into sending premium SMS messages, the worst feeling of our lives” (Part 3)

by Nathan Collier

Android.SMS.FakeInst is a Trojan that aims to do one thing — trick users into sending premium SMS messages by pretending to be an install for an app.  Here’s how the scam works: The user sends three premium SMS messages in exchange for an app, but there is no guarantee that it will actually install anything after they already have your money.  These malicious apps are getting harder and harder to discern as malicious as the look and feel of these apps get better through newer iterations.  One variant of these Trojan apps, which comes from a known malicious site, looks better with each update.  Let’s start with one of the first iterations of this variant.

The icon looks fairly convincing:

Not very compelling with only simple text asking to agree to download:

Here’s the agreement stating it’s ok for them to steal from you… don’t think it quite works that way in our legal system:

The first iteration isn’t too compelling at all.  Let’s look at the next iteration.

Nice looking icon they have here

Oooo, a status bar!  This has to be legit, right?

There’s that pesky agreement again.

The app was more believable this time.  Nice touch with the status bar.  On to the last iteration we saw just last month in time for the Beta Google Chrome for Android release.

Say, that icon looks familiar!

WOW, looking shrap SMS.FakeInst!

Even the agreement looks more convincing with that clean looking ‘Start’ button

Each iteration looks better.  Nice to see the bad guys have more pride in their work as time goes by.  The lesson here is to read the rules and agreements, and if the agreement asks for three payments in the form of premium SMS messages and states that it assumes no liability for damages including loss of profits, it’s probably not legit.  With new variants of these SMS.FakeInst Trojans coming out every other day, and the bad guys hosting their malware on sites that are as convincing as the apps as we discussed in our November blog post, “I don’t think it means what you think it means…”, we are working hard to keep you protected, and with Webroot SecureAnywhere Mobile we promise our agreement won’t ask to you send premium SMS messages.

One thought on “Evolution of Android Malware “The touch, the feel of being tricked into sending premium SMS messages, the worst feeling of our lives” (Part 3)

  1. Pingback: Beware of Fake Adobe Flash Apps « Webroot Threat Blog

Join the Conversation

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s