First large-scale Android Spam Virus

According to companies like Fortinet, cyber-thieves are using games including Angry Birds to turn Android phones into spam-sending drones.Phones have been infected with spam-forwarding software that hid inside free versions of popular Android games.Once installed, the booby-trapped app contacts a web server for a list of phone numbers then starts sending junk text messages to them.Angry Birds Space, Need for Speed Most Wanted and many other games have been used in the attack.The first stage of the campaign to recruit phones to act as spam relays. It involved sending out thousands of messages supposedly offering people free versions of popular Android games, said network security firm Cloudmark in an analysis of the SpamSoldier attack.The copies of the games were held on a server in China rather than on the main Google Play store, it said. After the app is downloaded users must disable some safeguards, grant the app permission to install and give it the ability to browse the web or send texts messages before it will run.Attack spreadingOnce installed the app removes its icon from a phone's main screen and then contacts a central server for a list of target phone numbers. It then starts sending out spam messages in a bid to trick more people into downloading and installing the rogue app. Other spam messages sent via infected phones falsely told people they had won a gift card.In a separate analysis mobile security firm Lookout said SpamSoldier worked hard to hide its activity by editing outgoing message logs to hide the junk texts being sent. In addition, it also looks for responses from the numbers it spammed to prevent victims finding out about its presence.So far, said security firms, the number of phones infected remained low but junk texts sent by infected phones were starting to pop up on all US carriers. Cloudmark said whoever was behind the attack had recently ramped up their use of it. Now, it said, it was seeing more than 500,000 junk texts per day being sent through infected Android phones."This sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent," said analyst Andrew Conway at Cloudmark. " Now that we know it can be done, we can expect to see more more complex attacks that are harder to take down."Ciaran Bradley, head of handset security at Adaptive Mobile, said growing numbers of spammers were adopting this tactic and it is important to consider managed SOC techniques to prevent hackers and spammers from continuing it."We've also seen the spammers try to spread the infection by advertising free adult videos featuring a well-known reality TV star," he said. ". It illustrates the lengths spammers will go to to ensure their messages are delivered and to avoid detection."To help protect themselves, Android owners were urged to be wary of unexpected messages that offer free versions of apps which are usually sold.