Avast has released new research around an Android Trojan it is calling SMSFactory. SMS Factory can cost victims $336 a year, by sending premium SMS and making calls to premium-rate phone numbers, without requiring the user to enter their phone number.
The mobile malware is spreading through malvertising, push notifications and alerts displayed on sites offering game hacks, adult content, or free video streaming sites, serving the malware disguised as an app in which users can access gaming, videos or adult content. Once installed, the malware hides itself, making it nearly impossible for victims to detect what is causing the charges on their phone bills.
Avast has protected more than 165,000 Avast users from SMSFactory in the past year (May 2021-May 2022), with the highest number of users protected in Russia, Brazil, Argentina, Turkey, and Ukraine.
In contrast to recent TrojanSMS campaigns, SMSFactory includes stealth features such as lack of app icon and name, which wouldn’t be allowed on the Google Play Store, hence the bad actors have resorted to a reasonably intricate network of sites for delivery and subsequent communication with the malware.
Avast researcher Jakub Vávra also found versions capable of creating a new Admin account on the infected device, making it more difficult to remove, and a version capable of copying, and extracting victims’ contact lists, likely to further spread the malware to contacts. Some versions of the malware redirect users to sites in order to get them to install another SMSFactory app onto their device.
More information on SMSFactory, and advice on how users can protect themselves can be found on the Avast blog: https://blog.avast.com/smsfactory-android-trojan.