The large number of malicious websites designed to infect Android devices with the well-known Android:FakeInst SMS Trojan have made Avast security experts issue another warning to alert users of its presence. They also advise smartphone owners to beware of shady-looking alternative Android app markets.
Researchers have found several domains, such as t2file.net and uote.net, which store at least 25 new apps that mask the piece of malware.
After users are lured onto these websites, they’re presented with a phony Downloader program. The truly evil thing about this app is that it tells the victim that the operation may cost money, but the Quit button doesn’t work.
Once the installation process begins, there’s nothing you can do, but click on the Agree or OK buttons. Of course, there are methods to stop the task, but to the untrained user it appears as he/she has no other choice.
What is even more worrying is the fact that once one of these buttons is pressed, an SMS to a premium rate number is already sent out. To make matters worse, the Trojan contains premium numbers for around 60 different countries worldwide, which means that if the victim isn’t located in Antarctica, he/she will most likely end up with an inflated phone bill.
In order to prevent experts from analyzing the malware, its creators have used AES encryption to make the file inaccessible.
Each SMS sent out by Android:FakeInst costs around $4 (3 EUR), which means that the cybercriminals behind this operation can earn considerable amounts of money from users who make the mistake of downloading software from alternative markets.
“Never trust weird looking alternative markets and always check the app permissions. If you’ve downloaded a game that asks for SMS and Phone calls permissions, it probably means that someone is about to “play you” instead,” Avast’s Alena Varkočková explained.