SMSFactory Android malware sneakily subscribes to premium services

Gandalf_The_Grey

Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services.

The number of its victims is unclear but attempts to infect Android devices have been recorded for tens of thousands of Android users protected by Avast security products in at least eight countries.

SMSFactory has multiple distribution channels that include malvertising, push notifications, promotional pop-ups on sites, and videos promising game hacks or adult content access.

According to Avast, SMSFactory targeted more than 165,000 of its Android customers between May 2021 and May 2022, most of them located in Russia, Brazil, Argentina, Turkey, and Ukraine.

While SMSFactory’s main goal is to send premium texts and make calls to premium phone numbers, Avast researchers noticed a malware variant that can also steal the contact list on compromised devices, likely to be used as another distribution method for the threat.

Jakub Vávra of Avast notes that SMSFactory is hosted on unofficial app stores. ESET researchers found the malicious APK package on APKMods and PaidAPKFree, two Android app repositories that lack vetting and proper security policies for the listed products.

How to stay safe

To avoid larger bills, users are advised to download apps only from trusted sources, such as Google Play. They should keep the number of applications they're using to a minimum and read reviews from other users before installing anything.

Additionally, keep your operating system updated to the latest available version for your device and run regular scans via Play Protect.

For malware that subscribes to premium services, some carriers offer the option to disable or limit this action.
 

upnorth

Disable or limit premium SMS with your carrier. While there are legitimate uses for premium SMS, recent SMS malware campaigns highlight the importance of control over potential charges on a user’s phone contract. Disabling premium SMS features or at least setting a limit significantly negates the potential impact of TrojanSMS campaigns. This step is especially important on children’s phones.