Thursday, October 28, 2021

New Android SMS Trojan goes global, hits Canada especially hard

Having global reach is a good thing, if you’re a corporation or a wealthy retiree. It’s not so good if you’re a piece of malicious code looking to infect other people’s computers. Sadly, malware seems to travel rather well these days, even when it’s only a year old.

Antivirus and Internet security researchers at Kaspersky Lab say that an Android Trojan app they first identified last year has vastly expanded its global reach since then. And Canada ranks among the most heavily affected countries in the world.

The malware goes by the name “Trojan-SMS.AndroidOS.FakeInst.ef.” It originally operated only in Russia, its country of origin, but is now hitting users in 66 countries. The software poses as a porn-watching app, but once a user downloads it, the malware downloads an encrypted config file and sends SMS messages to premium-rate phone numbers. The numbers are derived from the user's mobile country code.

“FakeInst was detected by Kaspersky Lab back in February 2013,” Kaspersky Lab says. “Since then, 14 various versions of it have emerged. The earlier versions were only capable of sending messages to premium-rate numbers in Russia. But by mid-2013 other countries appeared on the ‘support list.’”

After enticing the user to download the porn-viewing app, the Trojan asks the user to send a text message to purchase paid content. Once the message is sent, the Trojan opens a free-access website.

“The Trojan also contacts its C&C [command and control] server for further instructions,” Kaspersky Lab says. “Of all the commands that it can receive and process, we’d like to highlight the ability to send a message with specific content to a number listed in the C&C command, and intercept incoming messages. The Trojan can do various things with incoming messages – steal all of them, delete them, or even respond to them.”

Canada appears well down in the list, but a global map showing the countries most affected provides the bad news. While Russia is in the worst-affected category, with 150-300 users affected, so are Kazakhstan – and Canada.

The story was reported in Computerworld, because, according to Kaspersky Lab, FakeInst “is the first case we have found involving an active SMS Trojan in the United States.”

The U.S. makes the list in the 1-9 users category. You wonder what they’re worried about.

Andrew Brooks
Andrew Brooks is managing editor of IT World Canada. He has been a technology journalist and editor for 20 years, including stints at Technology in Government, Computing Canada and other publications.
