Lookout IDs SpamSoldier SMS spammer botnet

Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.

Lookout indicates distribution is currently limited. The main risk for users is unexpected charges for text messages, and if the botnet grows, the additional traffic could slow down carrier networks.

According to Lookout, the trojan will first appear on a user’s device in the form of a text message with a link to download a free version of a popular app. Examples include:

  • “You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!”
  • “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”

If a user clicks on the link, they will be asked to download the “install” file. Once downloaded, if the user attempts to install the app, it will actually activate the infected file. After installing the payload, the trojan will remove its own icon. Lookout reports that in some cases it will also go ahead and install the app the user thought they were downloading in order to keep them unsuspecting.

Once loaded and concealed, the trojan will contact its command server to retrieve the text of an SMS message and a list of 100 U.S. phone numbers. The software then starts sending the message to those phone numbers and, once complete, will retrieve a new list and start over until it is shut down. SpamSoldier also takes other steps to conceal itself, such as hiding outgoing messages and trying to intercept SMS replies.
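The sending pattern described above (one message body going to a list of 100 numbers) is something a carrier or enterprise gateway can look for in outgoing-SMS logs. The following is an added example, not code from Lookout or the original article; the record layout, the one-hour window, the function names and the sample data are all assumptions made for illustration.

```python
import hashlib
from collections import Counter, defaultdict
from datetime import datetime, timedelta

BATCH_SIZE = 100              # recipients per list, per the article
WINDOW = timedelta(hours=1)   # assumed detection window

def find_spam_senders(records, min_recipients=BATCH_SIZE, window=WINDOW):
    """records: (timestamp, sender, recipient, body) tuples from an outgoing-SMS log.
    Returns {sender: most distinct recipients of one body inside any window}."""
    groups = defaultdict(list)
    for ts, sender, recipient, body in records:
        # Group by sender and normalized body so identical blasts collapse together.
        digest = hashlib.sha256(body.strip().lower().encode()).hexdigest()
        groups[(sender, digest)].append((ts, recipient))
    flagged = {}
    for (sender, _), events in groups.items():
        events.sort()
        in_window, left, best = Counter(), 0, 0
        for ts, recipient in events:
            in_window[recipient] += 1
            while ts - events[left][0] > window:   # slide the window start forward
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        if best >= min_recipients:
            flagged[sender] = max(best, flagged.get(sender, 0))
    return flagged

def sample_records():
    """Constructed log: A mimics the botnet agent, B and C are ordinary users."""
    t0 = datetime(2020, 1, 1, 9, 0, 0)   # arbitrary constructed timestamp
    spam = "Free game download at hxxp://example.invalid today only!"
    recs = [(t0 + timedelta(seconds=6 * i), "subscriber-A", f"+1202555{100 + i:04d}", spam)
            for i in range(100)]
    recs += [(t0 + timedelta(minutes=i), "subscriber-B", "+12025550101", f"msg {i}")
             for i in range(5)]
    recs += [(t0 + timedelta(seconds=30 * i), "subscriber-C", f"+1202555{100 + i:04d}",
              "Happy holidays!") for i in range(20)]
    return recs

if __name__ == "__main__":
    print(find_spam_senders(sample_records()))
```

With the default threshold only the sender that reaches 100 distinct recipients is reported; the ordinary user who sends one greeting to 20 contacts is not, which is why the threshold is tied to the list size the article describes.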

Lookout recommends users only download and install apps from reputable sources and install a mobile security app like the one they produce, which they claim will protect users against SpamSoldier.

source: Lookout Blog

About the Author: Jeff Causey

Raised in North Carolina, Jeff Causey is a licensed CPA in North Carolina. Jeff's past Android devices include an HTC EVO, a Samsung Note II, an LG G3, and a Motorola Moto X Pure Edition along with a Samsung Galaxy Tablet 10.1. He currently uses a Samsung Galaxy S8 and (very rarely) a Nexus 7 (2013). He is also using a Verizon-branded Motorola Moto Z Play Droid supplied by his job. Jeff used to have a pair of Google Glass and a Moto 360 Sport in his stable of gadgets. Unfortunately, his kids have all drunk the Apple Kool-Aid and have i-devices. Life at home often includes demonstrations of the superiority of his Android-based devices. In his free time, Jeff is an active runner usually training for his next marathon, owns a MINI Cooper, and plays Dungeons & Dragons. Jeff has three mostly grown kids and a golden retriever.