A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.
The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service.
This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that’s typically sent to verify the user when setting up new accounts.
“The malware asks the phone number of the user in the first screen,” security researcher Maxime Ingrao, who discovered the malware, said, while also requesting for SMS permissions.
“Then it pretends to load the application but remains all the time on this page, it is to hide the interface of the received SMS and that the user does not see the SMS of subscriptions to the various services.”
images from Hacker News