Android SMS Spambot Update – SpamSoldier

Yesterday we told you about an Android trojan used to send SMS spam. Currently, the versions of this malware being distributed by the spammer are:

  • angrybirds.apk MD5 = a0e7a47c6b3582f9c9a4c5166eb0eace
  • gtavicecity.apk MD5 = a8de900d9ff269455f4344b8e8409699
  • needforspeed.apk MD5  = c18bc53d74e8a6926453a8c86355501a

The Command and Control server has moved to pinktrash.mobi, though imperialistic.mobi is still functional for the handsets infected with the older versions of the trojan.

Lookout Mobile Security have published an interesting blog post on this attack, which they call SpamSoldier. They discuss the techniques used to escape detection. Firstly the app attempts to remove its icon, so that you will not be aware that it is even there. It also attempts to block incoming messages unless they are from someone on your contacts list. This prevents the people your phone is spamming from complaining to you about the spam they received.

So, if you do get SMS spam, don’t bother replying  STOP to the sender, just forward that message to 7726 (that’s S-P-A-M on your keypad). Replying STOP will only work for commercial contacts from legitimate companies.

We’re continuing to monitor this attack, so watch the blog, or add it to your RSS feed, if you want to keep up to date.

 

 

 

 

4 thoughts on “Android SMS Spambot Update – SpamSoldier”

Leave a Reply

Your email address will not be published. Required fields are marked

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2014 Cloudmark, Inc.