A new and rare malware was recently discovered to become a threat to users of Android devices. According to AdaptiveMobile, a security vendor, the new SMS worm is able to propagate itself to target other Android users through special links embedded within text messages.
Dubbed as Selmite, the malware can automatically send text messages to Android users’ 20 contacts from the devices’ address books. The program can instantly install itself on the affected device.
Logically, most malware for Android can be considered as Trojan apps. But normally, those do not come with self-propagation mechanisms to be distributed through non-official app downloading stores. In general, SMS worms in Androd are also rare.
In fact, Selfmite comes as just the second of such threats to be discovered in the last two months. This suggests that the number of those malware might further increase in the foreseeable future.
How can you identify if your device has already been affected by the SMS worm? Selfmite sends a text message that contains the name of the targeted contacts. The message format goes: “Dear (name of the contact), Look at the Self-time.” From there, a shortened URL is provided.
That rogue link redirects to an Android application package (APK) file dubbed as TheSelfTimerV1.apk. It is hosted on a somehow remote server. Once a mobile user agrees to download APK, the app list would start to contain “The Self-Timer.’
Additionally, Selfmite also attempts to convince affected users to download and then install another file called mobogenie_122141003.apk using a local browser. You might realize that Mobogenie is a legal app that enables users to synchronize Android devices with users’ PCs. They can then download apps through an alternative app store.
So far, the Mobogenie Market app has already been downloaded for more than 5 million times through Google Play. It is also promoted through several referral schemes, which usually offer incentives for the spread and distribution of the malware in fraudulent manners.
AdaptiveMobile has already detected more than dozens of devices that are infected with the Selfmite malware in North America alone. The shortened URL used to disseminate the malicious program was already visited for 2,140 times before Google found and disabled it.