Android malware for premium SMS fraud continues to grow as a category, and most of it rests on the shoulders of one family of malware: Android.FakeInstaller. However, while FakeInstaller is well-known and included in mobile security software, hackers are now including new features geared to avoid detection and expand its reach. Read More ..
FakeInst, as it’s known for short, invades smartphones by passing itself off as the installer for a legitimate application – it has spoofed the Olympic Games Results App, Skype, Flash Player, Opera and other top applications. When the user installs the new app, it then gets to work behind the scenes, without the user’s knowledge or consent, to send multiple text messages to premium-rate numbers.
The billings, paid automatically out of an unwitting victim’s account, then go directly into the pockets of criminals. Lookout Security said in a recent report that FakeInst malware has stolen more than $10 million this year already.
It’s a highly prevalent infection in Eastern Europe especially, according to researcher Fernando Ruiz of McAfee, but overall, more than 60% of Android samples processed by McAfee are FakeInstallers. Now, this threat has become more dangerous, he said, adding server-side polymorphism, obfuscation, antireversing techniques and frequent recompilation it its toolkit.
“Malware authors appear to make lots of money with this type of fraud, so they are determined to continue improving their infrastructure code, and techniques to try to avoid antivirus software,” said Ruiz. “It’s an ongoing struggle, but we are constantly working to keep up with their advances.”