The SMS worm Selfmite is back, and it's even nastier than before
October 10, 2014
Watch out, smartphone users: the SMS worm Selfmite is back, and now it's nastier than ever. Worse, it's now global.
The pesky worm, which first surfaced in June of this year and affects Android smartphones and tablets, has spawned a new version. Are you surprised? Why would you be?
The Selfmite-B virus infects many more users, uses several money-making techniques and is generally more dangerous and difficult to stop, warns mobile security firm AdaptiveMobile.
AdaptiveMobile has tracked more than 150,000 messages sent over the past ten days from over one hundred compromised devices found in sixteen countries. The latest version of the worm has generated 100 times more traffic than its older sibling, Selfmite-A.
AdaptiveMobile has tracked Selfmite-B in Canada, China, Costa Rica, Ghana, India, Iraq, Jamaica, Mexico, Morocco, Puerto Rico, Russia, Sudan, Syria, the U.S., Venezuela and Vietnam.
“This is the same old Selfmite worm but this time returning on strong steroids,” said Denis Maslennikov, the security analyst at AdaptiveMobile who discovered the latest version of the worm.
“Its more aggressive and self-propagating capabilities simply mean more victims will be caught in its wake. Additionally, it uses several links to engage with users, increasing its monetization potential at the same time. This additional level of complexity makes Selfmite-B a real concern for both wireless carriers and users.”
Users get infected if they download and install malicious APK files from URLs contained in text messages spammed out by already compromised devices.
Once installed, Selfmite-B sends messages to all of the contacts in a user’s phone in a loop, which means that potential victims will continue to receive messages until the mobile carrier detects and blocks these messages or the owner deletes the malware.
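The looping behaviour described above leaves a recognisable trace in carrier-side message logs: one sender pushing the same URL to many recipients, and to the same recipients more than once. The sketch below is an added example, not code from AdaptiveMobile or from the original article; the record layout, thresholds, phone numbers, message text and URL paths are all constructed assumptions.

```python
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def flag_looping_senders(records, min_recipients=5, min_repeats=2):
    """records: iterable of (sender, recipient, text) tuples (assumed log layout).

    Returns {sender: {url: (distinct_recipients, max_repeats_to_one_recipient)}}
    for senders that sent one URL to at least `min_recipients` numbers AND
    repeated it to at least one of them `min_repeats` times (the loop).
    """
    per_pair = defaultdict(lambda: defaultdict(int))  # (sender, url) -> recipient -> count
    for sender, recipient, text in records:
        # Deduplicate URLs within one message; strip trailing punctuation only,
        # because shortener paths are case-sensitive.
        for url in {u.rstrip(".,)") for u in URL_RE.findall(text)}:
            per_pair[(sender, url)][recipient] += 1

    flagged = {}
    for (sender, url), by_recipient in per_pair.items():
        fan_out = len(by_recipient)
        repeats = max(by_recipient.values())
        if fan_out >= min_recipients and repeats >= min_repeats:
            flagged.setdefault(sender, {})[url] = (fan_out, repeats)
    return flagged

def build_sample():
    """Constructed sample log: one looping device and two benign senders."""
    contacts = [f"+1555000{n:04d}" for n in range(6)]
    rows = []
    for _ in range(3):  # compromised device walks its contact list three times
        rows += [("+15550009999", c, "Look at this: http://x.co/PLACEHOLDER") for c in contacts]
    # Benign broadcast: same link to many people, but only once each.
    rows += [("+15550008888", c, "Party Saturday! http://example.com/invite") for c in contacts]
    # Benign repeat: same link twice, but to a single recipient.
    rows += [("+15550007777", contacts[0], "Notes are at https://example.org/a.")] * 2
    return rows

if __name__ == "__main__":
    for sender, urls in flag_looping_senders(build_sample()).items():
        print(sender, urls)
```

Requiring both fan-out and repetition keeps a one-off group message or a link re-sent to a single friend from being flagged; real thresholds would need tuning against a carrier's own traffic.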
The cybercrooks behind the scam have come up with multiple ways to make money, mostly through dodgy affiliate programs.
Users are either directed to an application in Google Play after clicking on the installed worm icon, or they click on other icons that Selfmite-B has placed on their desktops and are then redirected to unsolicited subscription websites.
The virus also varies content according to IP addresses, so that users in different countries will be redirected to different websites.
The URLs most immediately associated with the spread of the worm have been deactivated, but this does not necessarily mean that the current outbreak is wholly contained.
"We notified Go Daddy about the malicious x.co URLs and at the moment both shortened URLs have been deactivated," AdaptiveMobile said. "But the fact that the author(s) of the worm can change it remotely using a configuration file makes it harder to stop the whole infection process."
A blog post by AdaptiveMobile, including screenshots of code snippets, gives a more in-depth look at the malware and the damage it can inflict.
Source: AdaptiveMobile.