Selfmite Android malware returns, bigger & badder

Sending out more text messages and making more money for hackers

Mobile malware

The Selfmite worm that attacks Android phones and sends out text messages has made a reappearance, prompting security researchers to warn the new version is more dangerous and widespread this time.

According to IT security firm AdaptiveMobile, the worm first surfaced in June. This latest version, Selfmite.b, has infected many more users, uses several techniques to extract money from victims and is "difficult to stop".

Advertisement - Article continues below

Around 150,000 messages have been tracked as being sent by the worm over the last ten days in 16 countries a hundred times the number of messages generated by the previous version of the malware.

As in the previous version, Selfmite infects a user's phone if they click on a link in a text message reading "Hi buddy, try this, its amazing u know," and "Hey, try it, its very fine." Following the link download installs an APK file, which is a trojanised Google Plus app infected with the worm.

The worm then connects with a remote server and downloads a configuration file containing data that is used to spread the infection.

Whereas the previous version just spammed 20 contacts in a user's address book, this latest version sends a message to all contacts in a loop until the mobile operator detects a problem and blocks messages.

Advertisement
Advertisement - Article continues below

The worm uses multiple "touch points" to encourage the victim to do things that make money for the hacker.

Advertisement - Article continues below

Users are either directed to an application in Google Play after clicking on the installed worm icon, or they click on icons that Selfmite.b has placed on their desktops and are therefore redirected to unsolicited subscription websites. The worm also varies content according to IP addresses, meaning users in different countries will be redirected to different websites.

While iPhone users aren't at risk of infection, clicking on the link will redirect them to a fitness app in the Apple App Store.

"This is Selfmite returning on steroids," said Denis Maslennikov, security analyst at AdaptiveMobile.

"It's more aggressive self-propagating capabilities means more victims. In addition, it uses multiple links to engage with users, increasing its monetisation potential. This additional level of complexity makes Selfmite.b a real concern for both mobile carriers and users."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/30081/what-is-a-trojan-virus
Security

What is a Trojan?

24 Apr 2020
Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

2 Mar 2020
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
Visit/security/cyber-security/355797/microsoft-bans-trend-micros-rootkit-buster-from-windows-10
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
Visit/policy-legislation/data-protection/355835/nhs-yet-to-understand-the-risks-of-holding-test-and-trace
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020