Time to watch out for SMS worms on Android devices

July 1, 2014 by Andrew Smith, The Conversation

Google's Android now dominates 80% of the smart phone market. Of the major phone operating systems, Android is the most vulnerable to security breaches and yet perceptions haven't caught up with reality. People simply aren't as worried, or as careful, as they ought to be.

If you're using an Android and aren't too concerned, maybe a recent announcement by a leading anti-malware company will make you stop and think. When were you last suspicious of a text from a friend?

Well, now is the time to start checking your messages with more scepticism as a virus known as "Andr/SlfMite-A" has been spreading throughout the Android world, transmitted by text messages, also known as SMS.

If you are fooled into clicking on a link embedded within the SMS, and if your phone is unprotected, the virus will in turn be installed on your own phone. The virus will then attempt to send text messages to your first 20 contacts. The message may look something like this:

By making your contacts think this message is from you and is therefore a genuine (and seemingly honest) which they must act upon. It tricks them into clicking the link, unleashing malware onto their phone. And so on.

If this all sounds familiar, it is because self-replicating "worms" like these were a feature of early mass-market online viruses. A decade ago, famed worms such as ILOVEYOU or Mydoom spread through email, shutting down computer systems throughout the world and causing millions of pounds in damage.

Today's SMS spam is spread in the same way, but things move even faster now. As soon as anyone clicks on the link, they become part of the worm's progress. You may only be one victim with 20 contacts, but these things soon add up. If all 20 contacts fell for the link once every hour, the worm could have swamped the entire planet and all its Android devices within a day.

Fortunately not everyone falls for this, nor do all the text messages get through. In the end, Andr/SlfMite-A is likely to fizzle out. However, whether it is successful in infecting your friends, the virus also downloads a small malware application which appears to direct users towards Mobogenie, an independent Android app store.

It is important to note that Mobogenie has been hit in the past by other malware issues. There's a reason the anti-malware community don't consider it an effective resource for protecting your smart phone.

Should I panic?

If you already have an anti-malware application installed on your smart phone, just check to see that its malware definitions are up to date. Then rest easy and make yourself a nice refreshing drink.

But if you do not have any protection I would be very concerned and strongly advise that you consider installing an antivirus app.

If you do get a mysterious text message from one of your contacts my best advice is to phone them and ask if they intended to send a message. If it looks as if they may be infected, point them to this article and advise them to ensure that their phone is protected.

Android is a victim of its success

Any computer and any operating system is potentially vulnerable to malicious code. So long as unsuspecting souls can be persuaded to download applications for their own personal benefit, cybercriminals will be able to exploit systems and create all kinds of mayhem.

Sadly, research has shown that over half of us could be persuaded to download malware for the right price. In some cases, manufacturers have managed to stem the supply: Apple and Microsoft, for instance, retain tight control over their smart phone app stores, ensuring a high degree of safety.

But the reality is that cybercriminals tend to target popular systems, and Android is increasingly dominant. There are many naive people out there, and more than one way to install dodgy apps.

It is important that everyone using any technology becomes more aware of the different types of attacks out there as you cannot entirely rely on experts to protect your smart phone from every attack.

We don't all use our phones in the same way so nor are we all exposed to the same degree of risk. The way you respond to texts, emails or browser messages, the sites you visit and the applications you may download all have an effect on the security of your smart phone.

Becoming cautious should be a way of life. There is nothing wrong with checking to see if an unusual text message from a friend is suspicious; who knows, maybe they'll even appreciate hearing your voice.

Explore further: Which phone is most vulnerable to malware?

Related Stories

Which phone is most vulnerable to malware?

April 30, 2014

As each new computer virus attack or vulnerability comes to light, millions instinctively check their computer to see if their anti-malware application is up to date. This is a good idea and they are wise to do it but a large ...

Malware is everywhere so watch out for the fake healers

May 13, 2014

There is nothing worse than having a fake healer offer a cure that does absolutely nothing. History is full of tales of frauds and quacks offering a cure for all, which eventually turn out to be nothing more than a bitter ...

Google removes Android malware used to secretly mine bitcoin

April 27, 2014

If you own an Android device, your phone might be mining bitcoin without you even knowing it. Five applications were recently removed from the Google Play store after they were discovered to be covertly using Android devices ...

Freebie tricksters unleash spam botnet using Android phones

December 20, 2012

(Phys.org)—Cloudmark, a San Francisco based messaging security company, posted a notice on Sunday that an Android trojan is being used to create simple havoc, aka an SMS spam botnet. Cyber-thieves dangling the lure of free ...

Kaspersky warns phone users of PC-infecting malware

February 5, 2013

(Phys.org)—Kaspersky Lab has a new warning for smartphone and tablet users. Yes, it's all about Android. No, it's not like anything you've been warned about before. Lab Expert Victor Chebyshev has discovered a new attack ...

Recommended for you

Semimetals are high conductors

March 18, 2019

Researchers in China and at UC Davis have measured high conductivity in very thin layers of niobium arsenide, a type of material called a Weyl semimetal. The material has about three times the conductivity of copper at room ...

Researchers discover new material to help power electronics

March 18, 2019

Electronics rule our world, but electrons rule our electronics. A research team at The Ohio State University has discovered a way to simplify how electronic devices use those electrons—using a material that can serve dual ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Jul 16, 2014
Not quite. You have to click through and then install an untrusted app. This cannot happen automatically, and you have to have "Allow installation of apps from unknown sources" enabled.

Can't let the truth distract from the hype, though

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.