- Joined
- May 15, 2016
- Messages
- 10,357
- Likes
- 2,620
- Points
- 1,730
Stolen numbers are used in another application for creating accounts in various services.
A malicious application was discovered by IB researcher Maxim Ingrao, working at Evina. It is called Symoo and has over 100,000 downloads on Google Play. According to the researcher, after installing the application, the SIM cards of the victims begin to be used as “ virtual numbers ” to create accounts on the sites Microsoft, Google, Instagram, Telegram and Facebook.
The malware just works – after installation requests access to send and read SMS messages, which is not suspicious of the victims, since Symoo is advertised as “ a simple application for sending SMS ”. The most interesting thing begins after installation:
In addition, Maxim Ingrao found that Symoo transmits SMS messages from victim phones to the domain used by “ ActivationPW – Virtual numbers ”, which allows the user to 50 cents “ rent ” phone number and use it to create an account on the desired site. It is worth noting that this application has already been removed from Google Play, but Symoo – is not.
__________________
A malicious application was discovered by IB researcher Maxim Ingrao, working at Evina. It is called Symoo and has over 100,000 downloads on Google Play. According to the researcher, after installing the application, the SIM cards of the victims begin to be used as “ virtual numbers ” to create accounts on the sites Microsoft, Google, Instagram, Telegram and Facebook.
The malware just works – after installation requests access to send and read SMS messages, which is not suspicious of the victims, since Symoo is advertised as “ a simple application for sending SMS ”. The most interesting thing begins after installation:
- On the first screen of the user, they ask you to indicate your phone number, after which a fake download screen appears;
- The “ loading process ” is delayed, allowing remote operators to send a one-time code from the desired service to the victim’s phone number and forward it back to the operators;
- After the process is completed, the application freezes without providing the user with the promised functionality.
In addition, Maxim Ingrao found that Symoo transmits SMS messages from victim phones to the domain used by “ ActivationPW – Virtual numbers ”, which allows the user to 50 cents “ rent ” phone number and use it to create an account on the desired site. It is worth noting that this application has already been removed from Google Play, but Symoo – is not.
__________________