

A malicious Android SMS application discovered on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.

The app, named Symoo (com.vanjan.sms), had over 100,000 downloads and functioned as a relay for transmitting messages to a server, which advertises an account creation service. This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that’s typically sent to verify the user when setting up new accounts.

“The malware asks the phone number of the user in the first screen,” security researcher Maxime Ingrao, who discovered the malware, said, while also requesting SMS permissions. “Then it pretends to load the application but remains all the time on this page, it is to hide the interface of the received SMS and that the user does not see the SMS of subscriptions to the various services.”

Some of the major services illegally signed up using the phone numbers include Amazon, Discord, Facebook, Google, Instagram, KakaoTalk, Microsoft, Nike, Telegram, TikTok, Tinder, Viber, and WhatsApp, among others.

Additionally, the data collected by the malware is exfiltrated to a domain named “goomy[.]fun,” which was previously used in another malicious application called Virtual Number (com.programmatics.virtualnumber) that has since been taken down from the Play Store.

The app’s developer, Walven, has also been linked to another Android app known as ActivationPW – Virtual numbers (com.programmatics.activation) that claims to offer “virtual numbers to receive SMS verification” from more than 200 countries for less than 50 cents.

According to Ingrao, Symoo and ActivationPW represent the two ends of the fraudulent scheme, wherein the phone numbers of the hacked devices that have the former installed are employed to help users buy accounts through the latter.

Google told The Hacker News that the two apps have been removed from the Play Store and that the developer has been banned.