Mobile & Gadgets

Legitimate Android app causes users to infect friends with malware

Android.Trojan.KuSaseSMS encourages users to share it via self-advertising links

BitDefender Virus Researchers Andrei DAMIAN-FEKETE and Vlad ILIE have discovered a new piece of Android malware, baptized Android.Trojan.KuSaseSMS. This mobile threat propagates by means of self-advertising links sent by unwary users via two clean online video stream viewers available on the Google Android Market, cleverly encouraging friends to infect each other.

The user has the option to send an SMS or an e-mail message to promote the respective viewers to their contacts and friends. If this option is chosen, a predefined text will be entered in the “default sms/email client”. The SMS or e-mail will only be sent after the user chooses a recipient. The predefined text for both viewers contains the same link which actually takes the recipient to a malicious app, identified as Android.Trojan.KuSaseSMS. The Trojan sends 6 SMS to number “10086” (a Chinese phone service number) and it blocks all SMS coming from numbers beginning with “10”.

Fig1. Self-promotion options of the two viewers: by e-mail or by SMS.




Fig 2. Default SMS client” containing the predefined text of one of the viewers.


The friends or contacts of the person having accessed the viewers are the intended victims of this malware disseminaton scheme. Once they have installed the malicious Android.Trojan.KuSaseSMS app, the piece of malware accesses an alleged update link which, in fact, opens up the way to another malicious code that is similar in behavior to HippoSMS. HippoSMS is known to piggyback apparently legitimate applications available on alternative Android markets and to send SMS messages to premium rate numbers.

Catalin Cosoi, Head  of BitDefender Online Threats Lab commented:

“This could well be the first time that Android users are tricked into putting their friends at risk. Whilst these two apps could easily send the infected links themselves, the chances of users becoming suspicious and the scam getting detected would have been a lot higher. By using their friends and contacts to effectively endorse the safety of the links, it’s likely that a higher number of people will let their guard down and click through. I have to say this is a pretty ingenious way to spread malware, and we may well see more of this technique in future.”

Android users are recommended to always download applications from trustworthy locations and not to resort to alternative application markets. In addition, they should carefully read the permissions requested by applications they intend to install so as to be able to assess the possible risks they are exposed to more accurately. Finally, monitoring the smartphone for unusual behavior will help keep users safe.

BitDefender users can keep their smartphones safe from harm using BitDefender Mobile Security, which uses new in-the-cloud antivirus services to efficiently scan the device and prevent malicious applications from being installed. BitDefender Mobile Security, now in beta, is available here


All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners.

This article is based on the technical information provided courtesy of Andrei DAMIAN-FEKETE and of Vlad ILIE, BitDefender Virus Researchers.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.