New RuMMS Malicious Program for Android Strikes through SMS Spam, Says FireEye
US-based network security firm FireEye has uncovered a new malware family that targets Android devices and is infecting smartphones in Russia through SMS phishing. To infect potential victims, the crooks behind the malware send users SMS texts containing web links that look like hxxp://yyyyyyyy[.]XXXX.ru/mms.apk, which prompted the security company to dub the malware "RuMMS." Clicking one of these links infects the user with the malware.
The malware's earliest version was traced on January 18, 2016, and according to FireEye there are now more than 300 strains of RuMMS. Once installed, it asks for device administrator rights.
What's more, FireEye states it has been able to track at least 2,729 victims since it first found RuMMS. The malware caused 380 infections in January, 767 in February, 1,169 in March, and 413 in April.
When RuMMS hits, victims get a seemingly harmless text containing a malicious web link which, if clicked, downloads the RuMMS malware. As noted, RuMMS first spread in January 2016; however, FireEye observed new strains emerging on 3rd April. Scmagazine.com reported this on April 26, 2016.
Once RuMMS establishes itself on an Android device, it asks for admin privileges while remaining invisible. It then connects to its C&C server and starts sending texts containing banking details, sends its own texts to the contact numbers stored on the device, diverts inbound texts to the remote C&C system, and forwards inbound phone calls to intercept voice-based two-factor authentication queries.
This nasty ploy ensures that those behind the operation do not need databases of their own to infect people; instead they depend on the malware propagating itself much like a traditional virus.
Meanwhile, FireEye states that its researchers spotted approximately 300 distinct samples of RuMMS, and that every domain that once hosted the malicious APK has now been cleaned up and is harmless.
FireEye advises smartphone owners not to follow web links that arrive via SMS messages, particularly if their origin isn't known. Moreover, users should install applications only from Google's Play Store.
» SPAMfighter News - 5/4/2016