The popularity of Android means there are bad guys creating malware designed to take advantage of every little crevice in the platform.
Give them one little hint of an opening and they kick open the door and help themselves.
Kaspersky Lab researchers continue to pore over the SMS.AndroidOS.Waller.a threat and have found that, in addition to sending SMS messages to premium-rate numbers, it also focuses on QIWI users.
After it infects a smartphone, the malware contacts its command and control (C&C) server located at playerhome.info. Researchers said the domain’s registrant is a French company, but the email account is with Yandex, a Russian firm.
The C&C server can order the Trojan to check the balance of a QIWI account, send SMSs, open arbitrary web pages, download and install other malware, intercept text messages, and send spam to the victim’s contact list. The malware is also capable of updating itself.
To check the balance in the QIWI Wallet, the malware sends an SMS to 7494. The response message is intercepted and forwarded to the cybercriminals.
If there is money in the digital wallet, bad guys can steal it by sending a message to 7494 with the wallet number they want to transfer funds to along with the amount they want to transfer. Kaspersky researchers said the attackers can steal up to $430 per day from compromised wallets.
Sending SMS messages to premium rate numbers is an efficient way for cybercriminals to make money. However, the scheme doesn’t work in every country. This is why they’ve designed their Trojan to target QIWI wallets.
QIWI mainly sees use in Russia, but the service is also available in the U.S., Romania, Brazil, Belarus, Kazakhstan, Moldova and Jordan.
There are not too many Waller infections out right now, but researchers said cybercriminals are increasingly relying on this piece of malware to make money.
The threat is spreading via SMS spam and through third-party app stores, where it is disguised as various types of applications, including media players, voice-changing software and even firmware.
To avoid having their phones infected with Waller, users should not activate the “developer mode” or “install applications from third-party sources” options on their smartphones.