New variants of premium rate SMS trojan 'RuFraud' detected in the wild

Summary:Researchers from AegisLab, have intercepted several new variants of the infamous RuFraud premium rate SMS trojan.

Researchers from AegisLab, have intercepted several new variants of the infamous RuFraud premium rate SMS trojan.

How the infection takes place:

In order to earn money from the premium-rate SMS, the trojan will fake itself as a famous app, like Angry Birds; or downloader/installer of well-known softwares, it looks like 'real thing'. Some of these kinds of apps appear on the third-party download sites, and some will repackage itself, post to the official Android Marketplace, and try to lure innocent people to install it.

The malicious attackers have bundled the premium rate SMS trojan into a fake copy of the popular app Angry Birds. Upon execution, the trojan seems permissions to sent SMS messages. Once the user confirms that the application is free to do so, the trojan will start sending premium rate SMS messages to multiple numbers outlined in AegisLab's post.

Topics: Telcos, Collaboration, Hardware, Malware, Mobility, Networking, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.