SMSFactory Android malware sneakily subscribes to premium services


Level 71
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services.

The number of its victims is unclear but attempts to infect Android devices have been recorded for tens of thousands of Android users protected by Avast security products in at least eight countries.

SMSFactory has multiple distribution channels that include malvertising, push notifications, promotional pop-ups on sites, videos promising game hacks or adult content access.

According to Avast, SMSFactory targeted more than 165,000 of its Android customers between May 2021 to May 2022, most of them located in Russia, Brazil, Argentina, Turkey, and Ukraine.

While SMSFactory’s main goal is to send premium text and make calls to premium phone numbers, Avast researchers noticed a malware variant that can also steal the contact list on compromised devices, likely to be used as another distribution method for the threat.

Jakub Vávra of Avast notes that SMSFactory is hosted on unofficial app stores. ESET researchers found the malicious APK package on APKMods and PaidAPKFree, two Android app repositories that lack vetting and proper security policies for the listed products.
How to stay safe

To avoid larger bills, users are recommended to download apps only from trusted sources, such as Google Play. They should keep at a minimum the number of applications they're using and read reviews from other users before installing anything.

Additionally, keep your operating system updated to the latest available version for your device and run regular scans via Play Protect.

For malware that subscribes to premium services, some carriers offer the option to disable or limit this action.


Staff Member
Malware Hunter
Jul 27, 2015
Disable or limit premium SMS with your carrier. While there are legitimate uses for premium SMS, recent SMS malware campaigns highlight the importance of control over potential charges on a user’s phone contract. Disabling premium SMS features or at least setting a limit significantly negates the potential impact of TrojanSMS campaigns. This step is especially important on children’s phones.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.