There is a cybercriminal campaign whose main goal is to distribute Android malware that sends SMS messages to premium rate numbers and to ensure success, attackers are abusing legitimate websites.
One example is a popular Bulgarian site that offers branded watches, said researchers at security provider Webroot. Those who visit it end up redirected to another website which serves the SMS Trojans.
There are at least three variations of this campaign. In one of them, Russian-speaking users end up lured with a fake Adobe Flash Player app.
Besides malicious Flash Players, victims also get a promise of a new Google Play site and an Android browser.
Once it finds itself on a mobile device, the malware collects information such as IMEI, IMSI, phone brand, and operator data and sends it back to a remote server . After that, it starts inflating the victim’s mobile bill by sending SMSs to premium rate numbers.