Warning: SpamSoldier is invading Android devices
Mobile devices are increasingly vulnerable
Friday, December 28, 2012
The mobile world continues to become more vulnerable to malware with a newly discovered SMS spamming botnet called SpamSoldier causing concern.
It reportedly infects users of Android phones to send out a stream of spam in the form of text messages, much like some PCs become "zombie" computers in the service of spammers.
Victims are lured in with text messages that tell them they have won a $1,000 gift card at Target, but must enter a code at a special site. When they go to the site they download the malware.
Clicking will be costly
“Before you click on a link that is texted to you, understand it’s probably going to cost you,” said Washington State Attorney General Rob McKenna. “That text that appears to come from a reputable retailer is usually a trick to take your money, install a virus, or both.”
SpamSoldier is also spreading through messages that advertise free versions of popular paid games like Angry Birds Space. It is also found on disreputable, third-party app stores. Once it’s infiltrated an Android handset, it uses the subscriber’s allotment of text messages to send out more spam messages.
Someone who clicks on the link might actually receive a free game. But she will also install an application that in coordination with a kind of mother ship -- a server somewhere in cyberspace -- seeks to reproduce itself.
Difficult to detect
McKenna says detecting SpamSoldier can be difficult because the app is programmed to intercept responses to its texts before consumers see them. Still, those who pay by the text or have a limited number per month will eventually notice the activity.
There are ways to avoid SpamSoldier and other malicious apps. They include:
- Only download apps from reputable vendors such as the app store pre-installed on your phone.
- Do not download apps from a vendor who sends you a text.
- Don’t fall for texts saying you’ve won something.
- Regularly check your bill with an eye for texts you do not remember sending or for charges you did not authorize.
- Check your smartphone’s security by visiting the FCC’s Smartphone Security Checker.