Legitimate Android app causes users to infect friends with malware

BitDefender Virus Researchers Andrei DAMIAN-FEKETE and Vlad ILIE have discovered a new piece of Android malware, baptized Android.Trojan.KuSaseSMS. This mobile threat propagates by means of self-advertising links sent by unwary users via two clean online video stream viewers available on the Google Android Market, cleverly encouraging friends to infect each other.

The user has the option to send an SMS or an e-mail message to promote the respective viewers to their contacts and friends. If this option is chosen, a predefined text will be entered in the “default sms/email client”. The SMS or e-mail will only be sent after the user chooses a recipient. The predefined text for both viewers contains the same link which actually takes the recipient to a malicious app, identified as Android.Trojan.KuSaseSMS. The Trojan sends 6 SMS to number “10086” (a Chinese phone service number) and it blocks all SMS coming from numbers beginning with “10”.

Fig1. Self-promotion options of the two viewers: by e-mail or by SMS.

 

 

 

Fig 2. Default SMS client” containing the predefined text of one of the viewers.

 

The friends or contacts of the person having accessed the viewers are the intended victims of this malware disseminaton scheme. Once they have installed the malicious Android.Trojan.KuSaseSMS app, the piece of malware accesses an alleged update link which, in fact, opens up the way to another malicious code that is similar in behavior to HippoSMS. HippoSMS is known to piggyback apparently legitimate applications available on alternative Android markets and to send SMS messages to premium rate numbers.

Catalin Cosoi, Head of BitDefender Online Threats Lab commented:

“This could well be the first time that Android users are tricked into putting their friends at risk. Whilst these two apps could easily send the infected links themselves, the chances of users becoming suspicious and the scam getting detected would have been a lot higher. By using their friends and contacts to effectively endorse the safety of the links, it`s likely that a higher number of people will let their guard down and click through. I have to say this is a pretty ingenious way to spread malware, and we may well see more of this technique in future.”

Android users are recommended to always download applications from trustworthy locations and not to resort to alternative application markets. In addition, they should carefully read the permissions requested by applications they intend to install so as to be able to assess the possible risks they are exposed to more accurately. Finally, monitoring the smartphone for unusual behavior will help keep users safe.

BitDefender users can keep their smartphones safe from harm using BitDefender Mobile Security, which uses new in-the-cloud antivirus services to efficiently scan the device and prevent malicious applications from being installed. BitDefender Mobile Security, now in beta, is available here

 

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners.

This article is based on the technical information provided courtesy of Andrei DAMIAN-FEKETE and of Vlad ILIE, BitDefender Virus Researchers.