However, SMSFactory continues to operate in the background, establishing a connection to the command and control (C2) server and sending an ID profile of the infected device. The SMSFactory APK may come under different names and when trying to install it on the device, a warning kicks in from Play Protect - Android's built-in security system, alerting users about the potential security risk from the file. ESET research JSMSFactory's stealthy operation Jakub Vávra of Avast notes that SMSFactory is hosted on unofficial app stores. ESET researchers found the malicious APK package on APKMods and PaidAPKFree, two Android app repositories that lack vetting and proper security policies for the listed products.ĪPK hash: E26BF914A8C267EEAAD7E73536C8FC272167A96Aĭetection name: Android/ #ESETresearch 2/2 /OUwXyu3c3V While SMSFactory’s main goal is to send premium text and make calls to premium phone numbers, Avast researchers noticed a malware variant that can also steal the contact list on compromised devices, likely to be used as another distribution method for the threat.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |