Areas in red worst affected by malware. Map from Kaspersky

Published: April 25th, 2014

Having global reach is a good thing, if you’re a corporation or a wealthy retiree. It’s not so good if you’re a piece of malicious code looking to infect other people’s computers. Sadly, malware seems to travel rather well these days, even when it’s only a year old.

Antivirus and Internet security researchers at Kaspersky Lab say that an Android Trojan app they first identified last year has vastly expanded its global reach since then. And Canada ranks among the most heavily affected countries in the world.

The malware goes by the name “Trojan-SMS.AndroidOS.FakeInst.ef.” It originally operated only in Russia, its country of origin, but is now hitting users in 66 countries. The software appears to be a porn-watching app, but if a user downloads it, the malware then downloads an encrypted config file and sends SMS messages to high-rate phone numbers. The numbers are derived according to the mobile country code of the user in question.

“FakeInst was detected by Kaspersky Lab back in February 2013,” Kaspersky Lab says. “Since then, 14 various versions of it have emerged. The earlier versions were only capable of sending messages to premium-rate numbers in Russia. But by mid-2013 other countries appeared on the ‘support list.’”

After enticing the user to download the porn-viewing app, the Trojan asks the user to send a text message to purchase paid content. Once the message is sent it opens a free-access website.

“The Trojan also contacts its C&C [command and control] server for further instructions,” Kaspersky Lab says. “Of all the commands that it can receive and process, we’d like to highlight the ability to send a message with specific content to a number listed in the C&C command, and intercept incoming messages. The Trojan can do various things with incoming messages – steal all of them, delete them, or even respond to them.”

Canada appears well down in the list, but a global map showing the countries most affected provides the bad news. While Russia is in the worst-affected category, with 150-300 users affected, so are Kazakhstan – and Canada.

The story was reported in Computerworld, because, according to Kaspersky Lab, FakeInst “is the first case we have found involving an active SMS Trojan in the United States.”

The U.S. makes the list in the 1-9 users category. You wonder what they’re worried about.