There’s an old saying “there’s no such thing as a free lunch”. This holds true whether it’s a cheap vacation where you get stuck in a time share presentation or a free download of an app that typically costs a few bucks.
That saying is the perfect lead in to a new report of an SMS spam botnet making the Android rounds. It’s not very often we hear about Android security threats but when we do the company that typically finds them is the security firm Lookout. On December 3rd They found a threat which they named “SpamSoldier” that was being spread through SMS messages advertising free versions of popular paid games.
Basically what’s happening is that a user will get a text reading something to the effect of:
“Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”
After which the person would tap the link thinking they were getting a free game and that’s where the spam botnet takes over. It opens and removes its icon from the launcher to cover its tracks. It then immediately starts sending spam messages.
It’s so devious that it actually does install the free version of the game so that you have no idea what it’s doing behind the scenes. And that’s where the spamming begins. This bot actually hides the outgoing messages it’s sending and even attempts to intercept incoming replies to the spam it’s sending out.
SpamSoldier connects itself to a remote Command & Control server where it gets a list of US phone numbers to spam, one hundred at a time in a constant loop. The only times it stops are because of an unresponsive server or the application is closed.
So far the spam botnet isn’t widely distributed yet but it has been picked up on all major US carriers. However Lookout believes that it could have a major impact if it’s not dealt with in a timely manner since it has the possibility to slow a network down if enough people do in fact get infected. Another potential side effect is the financial hit for users who aren’t on plans that offer unlimited text messaging.
Lookout is a great service to have in your corner when stuff like this happens. So far their recommendations are obvious but bear repeating. Only download apps from reputable app stores and check that the developer is credible before downloading. Pretty much if it sounds too good to be true, it almost always is.