Premium SMS malware

Mobile threats: Premium SMS malware

One piece of malware that never seems to stop is Premium SMS Malware. It’s highly unlikely, due to scanners like Bouncer and Verify Apps that you would encounter such malware on the Play Store. Although, PUAs (potentially unwanted apps) exist there which also might utilize premium SMS without properly conveying their intent to the user.

In the particular piece of malware pictured, they’re offering adult media for a low cost of 3 Malaysian ringgits or 80 cents PER TEXT, 1-2 text per day, via automatically sent premium SMS messages. Once subscribed, the app continues to send Premium SMS but does not deliver any agreed upon content. Many premium SMS apps will deliver you content but sometimes this content is simply pirated or free elsewhere.

Blackmart Alpha

Blackmart is an app used to download illegitimate, pirated versions of other apps. Although shady, it is not technically malicious normally. Since it is not available on the Play store, and must be acquired from third-party sources, it is the perfect target for malware authors to use to release their own modified versions, tricking users by hiding in legitimate, but unverified apps. Once a user installs and opens THIS version, they will get a popup which seems to show the market app loading.

While this app is “loading” it’s actually sending premium SMS messages in the background, adding hefty charges to the user’s bill. In one case, someone was scammed out of €89.85, or $110.49. In addition, the app will also intercept and block any confirmation texts sent back by the two premium SMS numbers it uses.

One of the oldest mobile scams in the book, user awareness training and a strong security layer, as well as checking a usage bill for suspicious activity will often keep users safe from this oldie.

Part 3: Mobile threats: Google Play – Malware from the store
Part 5: Mobile threats: Random Access Trojans (RATs)

1 thought on “Mobile threats: Premium SMS malware”

  1. I’d like to add that malicious apps can be installed in the background via malicious links inside apps with a WebView – users don’t have to install them from Google Play or other stores.

Comments are closed.

Scroll to Top