By Nathan Collier
Earlier this year, the SMS Trojan Foncy was discovered targeting French-speaking Android Users. Now, we’ve come across a new Trojan targeting them using a similar SMS scam. The app pretends to be an app called BlackMart Alpha, which is already a little shady since it’s used to download apps that may otherwise cost money. This app is not found on Google Play and is not malicious in itself, but the fact that you can’t get it in the Google Play store makes it a prefect target for malware developers to make fake versions of it. Webroot detects this Trojan as Android.SMS.FakeB-Mart. It works by sending premium SMS messages to two different numbers (81211 and 81038), which have both been involved with scams that add a hefty Euro charge to the victim’s phone bill. In one case, someone was scammed out of €89.85 , or $110.49. Once the malicious app is installed, it looks like the legitimate BlackMart Alpha app, but doesn’t completely load. A pop-up box opens stating that it’s loading with a increasing percentage. This tricks the user into thinking the app is loading while it’s really sending premium SMS messages in the background.
The app deletes any incoming SMS messages from 81211 to hide any confirmation SMS messages.
Being tricked by this fake blackmarket app when trying to download pirated apps could end up being a lot more expensive than just paying for the app from a trusted app market. Another lesson to always install apps from trusted markets.