The Selfmite worm that attacks Android phones and sends out text messages has made a reappearance, prompting security researchers to warn the new version is more dangerous and widespread this time.
According to IT security firm AdaptiveMobile, the worm first surfaced in June. This latest version, Selfmite.b, has infected many more users, uses several techniques to extract money from victims and is "difficult to stop".
Around 150,000 messages have been tracked as being sent by the worm over the last ten days in 16 countries a hundred times the number of messages generated by the previous version of the malware.
As in the previous version, Selfmite infects a user's phone if they click on a link in a text message reading "Hi buddy, try this, its amazing u know," and "Hey, try it, its very fine." Following the link download installs an APK file, which is a trojanised Google Plus app infected with the worm.
The worm then connects with a remote server and downloads a configuration file containing data that is used to spread the infection.
Whereas the previous version just spammed 20 contacts in a user's address book, this latest version sends a message to all contacts in a loop until the mobile operator detects a problem and blocks messages.
The worm uses multiple "touch points" to encourage the victim to do things that make money for the hacker.
Users are either directed to an application in Google Play after clicking on the installed worm icon, or they click on icons that Selfmite.b has placed on their desktops and are therefore redirected to unsolicited subscription websites. The worm also varies content according to IP addresses, meaning users in different countries will be redirected to different websites.
While iPhone users aren't at risk of infection, clicking on the link will redirect them to a fitness app in the Apple App Store.
"This is Selfmite returning on steroids," said Denis Maslennikov, security analyst at AdaptiveMobile.
"It's more aggressive self-propagating capabilities means more victims. In addition, it uses multiple links to engage with users, increasing its monetisation potential. This additional level of complexity makes Selfmite.b a real concern for both mobile carriers and users."
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
CronRat Magecart malware uses 31st February date to remain undetectedNews The malware allows for server-side payment skimming that bypasses browser security
-
Mekotio trojan continues to spread despite its operators’ arrestsNews Hackers have used it in 100 more attacks since arrests
-
“Trojan Source” hides flaws in source code from humansNews Organizations urged to take action to combat the new threat that could result in SolarWinds-style attacks
-
What is Emotet?In-depth A deep dive into one of the most infamous and prolific strains of malware
-
Fake AnyDesk Google ads deliver malwareNews Malware pushed through Google search results
-
Hackers use open source Microsoft dev platform to deliver trojansNews Microsoft's Build Engine is being used to deploy Remcos password-stealing malware
-
Android users told to be on high alert after Cerberus banking Trojan leaks to the dark webNews The source code for the authenticator-breaking malware is available for free on underground forums
-
Qbot malware surges into the top-ten most common business threats
News An evolved form of the banking Trojan was distributed by number one-ranking Emotet in a campaign that hit 5% of businesses globally
