When it comes to the security of your mobile apps, things are not always how they appear on the surface. Stealthy malicious apps often seem benign at first glance but once installed, run quietly in the background harvesting your data and personal information. Thanks to these malicious apps created by hackers, the seemingly innocuous programs held in the palm of your hand can often end up providing you with much more than you’ve bargained for and potentially cost you just as much.
Unfortunately, handy uninstaller apps that claim to rid your mobile device of multiple unwanted apps in one fell swoop are no exception. One particularly stealthy app, Android/Trojan.Spy.Smsthief disguises itself as an uninstaller utility but rather than removing unwanted apps, this malware collects and relays your personal information back to the attacker who created it.
The app is designed to acquire device administrator privileges upon installation, providing it with deep access to your phone and causing it to be extremely tricky to remove. This level of permission is usually only granted to special Google and security apps and it is not yet known how this app is able to request such a high level of access.
Although the app appears to be lying dormant on a user’s phone after it has been installed, it is in fact doing just the opposite. Hiding its designating icon from the app launcher and running in the background, it quietly intercepts and copies your valuable information.
As the name suggests, this app specifically uses text messages for its nefarious means through the following methods:
- Spam messaging: this causes the infected phone to send text messages containing malicious links to people in the infected device’s contact list. When the receiver of the messages clicks on said link, the attacker is paid either through call fraud or deals with (occasionally) innocent affiliates.
- Premium SMS fraud: an attacker will secretly send text messages to premium numbers they have purchased through the infected mobile device, leaving the phone’s owner footing the bill. This trick can also be used by making calls to premium-rate phone numbers. Read more about it in this recent blog.
This Android/Trojan.Spy.Smsthief has been found on third-party app stores in China and file-sharing sites. However, whether this malicious app falls close to home for you or not, it is always best to continue to practice these key mobile security habits:
- Avoid third-party app stores and only download mobile apps from trustworthy sites
- Always check an app’s permission settings before installing it
- Never click unfamiliar or unusual links within text messages
However, even with the most cautious approach to your mobile app download and usage, nasty things can get through the best defenses. Having security software installed on your mobile device is an essential part of protecting your privacy. McAfee® Mobile Security, free for Android and iOS, offers a variety of protections against malicious apps, including a text and call filter that weeds out unwanted numbers for Android users.