Yesterday we told you about an Android trojan used to send SMS spam. Currently, the versions of this malware being distributed by the spammer are:
- angrybirds.apk MD5 = a0e7a47c6b3582f9c9a4c5166eb0eace
- gtavicecity.apk MD5 = a8de900d9ff269455f4344b8e8409699
- needforspeed.apk MD5 = c18bc53d74e8a6926453a8c86355501a
The Command and Control server has moved to pinktrash.mobi, though imperialistic.mobi is still functional for the handsets infected with the older versions of the trojan.
Lookout Mobile Security have published an interesting blog post on this attack, which they call SpamSoldier. They discuss the techniques used to escape detection. Firstly the app attempts to remove its icon, so that you will not be aware that it is even there. It also attempts to block incoming messages unless they are from someone on your contacts list. This prevents the people your phone is spamming from complaining to you about the spam they received.
So, if you do get SMS spam, don’t bother replying STOP to the sender, just forward that message to 7726 (that’s S-P-A-M on your keypad). Replying STOP will only work for commercial contacts from legitimate companies.
We’re continuing to monitor this attack, so watch the blog, or add it to your RSS feed, if you want to keep up to date.