AdaptiveMobile’s Ongoing Threat Analysis (OTA) has uncovered a series of SMS scams first appearing in Russia and now being seen across the globe that see criminals profiting by sending out texts with web links to mobile malware.
Using what is known as the ‘drive-by’ technique, clicking the link in the message automatically downloads a fake app which signs the user up to premium rate services. The app then intercepts confirmation messages so they are unaware of what they have been subscribed to.
A recent example spammed mobile users with SMS messages informing them that they had received an MMS message saying “I love you. To view: http:// [redacted].org/9560.htm”. In Russia, the links were designed to look like the websites used by local operators.
“SMS is still the most popular form of communication amongst adults and is highly trusted, making it very attractive to spammers looking to abuse that confidence,” says Ciaran Bradley, VP of handset securitym for AdaptiveMobile.
“While many operators already have measures in place to counter SMS spam, it is important that they are aware of these specific threats so that they ensure the correct action is taken.”