Lookout IDs SpamSoldier SMS spammer botnet

Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.

Lookout indicates distribution is currently limited. The main risk for users is unexpected charges for text messages, and if the botnet grows, carrier networks could be slowed by the additional traffic.

According to Lookout, the trojan will first appear on a user’s device in the form of a text message with a link to download a free version of a popular app. Examples include:

  • “You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!”
  • “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”

If a user clicks on the link, they will be asked to download the “install” file. If the user then attempts to install the app, they actually activate the infected file. After installing the payload, the trojan removes its own icon. Lookout reports that in some cases it also installs the app the user thought they were downloading, to keep them from becoming suspicious.

Once loaded and concealed, the trojan contacts its command server to retrieve the text of an SMS message and a list of 100 U.S. phone numbers. It then sends the message to those phone numbers and, once complete, retrieves a new list and starts over until it is shut down. SpamSoldier takes other steps to conceal itself, such as hiding outgoing messages and trying to intercept SMS replies.
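The batch behavior described above (one message body sent to a list of 100 numbers, then repeated) leaves a recognizable pattern in outbound SMS records. The following is an added example, not code from Lookout or from the original article: a carrier-side heuristic that flags senders delivering the same text to many distinct recipients in a short window. The record layout, thresholds, phone numbers and message text are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flag_spam_senders(records, min_recipients=50, window=timedelta(minutes=30)):
    """records: iterable of (iso_timestamp, sender, recipient, body).
    Returns {sender: peak count of distinct recipients that received one
    identical body inside the window} for senders at or above the threshold."""
    by_key = defaultdict(list)
    for ts, sender, rcpt, body in records:
        norm = " ".join(body.lower().split())  # ignore case and spacing changes
        by_key[(sender, norm)].append((datetime.fromisoformat(ts), rcpt))
    flagged = {}
    for (sender, _), events in by_key.items():
        events.sort()
        start, counts = 0, defaultdict(int)
        for t, rcpt in events:
            counts[rcpt] += 1
            # Slide the window: drop events older than `window` before t.
            while t - events[start][0] > window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_recipients:
                flagged[sender] = max(flagged.get(sender, 0), len(counts))
    return flagged

def sample_records():
    """Constructed data: one infected handset plus ordinary traffic."""
    base = datetime(2020, 1, 1, 9, 0, 0)
    spam = "Free games at hxxp://example.invalid for next 24hrs only!"
    recs = [((base + timedelta(seconds=5 * i)).isoformat(), "+15555550001",
             f"+1555555{1000 + i}", spam) for i in range(100)]
    recs += [
        (base.isoformat(), "+15555550002", "+15555552001", "running late"),
        (base.isoformat(), "+15555550002", "+15555552002", "running late"),
        (base.isoformat(), "+15555550003", "+15555552001", "see you at 6"),
    ]
    return recs

if __name__ == "__main__":
    for sender, n in flag_spam_senders(sample_records()).items():
        print(f"{sender}: same text to {n} distinct recipients in 30 min")
```

Because the trojan hides its outgoing messages on the handset, network-side records like these are where the sending pattern stays visible.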

Lookout recommends users only download and install apps from reputable sources and install a mobile security app like the one they produce, which they claim will protect users against SpamSoldier.

source: Lookout Blog