Skip to main content

SMS Attacks and Mobile Malware Threats

SMS Attacks and Mobile Malware Threats

SMS attacks definition

SMS attacks are malicious threats that use short message service (SMS) and other mobile-based messaging applications to engage in cyberattacks. These attacks utilize malicious software and websites to enact damage to users.

SMS attacks can lead to theft of private data and spreading malware to other users. Attacks based on SMS and other text messaging may use many tools to execute their efforts. However, these attacks most commonly make use of malicious software — or malware.

What is SMS malware?

In essence, SMS malware is any malicious software delivered to victims by text messaging.

While malware may be delivered to mobile devices via email and many other means, SMS malware is promoted by a text. The efforts of this harmful software are designed to breach and operate on a mobile device without the user’s permission.

Once on a device, the malware can then cause any number of detrimental effects. Most of these revolve around the following categories:

  • Access: Gain or deny entry into private accounts, services, etc.
  • Misuse: Using a mobile device or services for unauthorized purposes
  • Expose: Disclose private data on a user’s mobile device, accounts, etc.
  • Delete: Erase data on a mobile device, services, etc.
  • Change: Modify data in undesired ways on a user’s devices, services, etc.

All mobile devices are vulnerable to SMS malware and text messaging attacks. Devices affected often run Google’s Android platform, as it runs on the majority of the world’s smartphones and tablets. While this highly-used platform is an ideal target for hackers, SMS malware can also target Apple’s iOS — despite misconceptions of being malware-free.

If anything, these threats cement the importance of anti-malware on mobile devices.

SMS-based malware threats continue to grow year on year and will continue to pose a major risk to mobile device users in the years to come. As one type of SMS attack, these and other threats in the category pose a significant threat to all mobile users.

How does an SMS attack work?

SMS attacks deliver malicious URL links via text message, typically leading to a website or download. Users that engage with these links may unknowingly harm themselves, either by downloading harmful code or revealing sensitive information.

To enact an SMS attack, a threat actor typically structures it in the following phases:

  1. Prepare: Gather and set up the necessary resources for a cyberattack.
  2. Distribute: Contact users with malicious messages via SMS or mobile messaging apps.
  3. Exploit: Successfully baited users interact with threats and compromise themselves.
  4. Execute: Initiate desired actions on a compromised device to achieve the SMS attack’s goal.

Attackers prepare by finding ways to share a threat through a mobile subscriber network. They also must set up any channels that deliver their malicious software or harvest user information. Once an attacker has prepared themselves to distribute their malicious texts, they expose users to the threat.

Unlike some other threats, SMS attacks are mostly designed around social engineering tactics to deceive victims into compromising themselves. Urgency is a key trait that attackers use to drive a victim into action. After getting a user to engage with a link, the attacker can then execute their will upon a user’s device and any connected services.

It’s worth noting that some SMS-based attacks may deviate from this structure. However, many common attacks tend to utilize the distribution and exploitation model detailed above.

As a result, SMS attacks can affect users directly, as well as damage a cellular or mobile messaging service provider’s reputation and congest networks.

How does SMS malware spread?

The spread of SMS malware may happen at the onset of an attack and subsequent user infections. By name, SMS malware means some aspect of the threat must involve the malicious use of SMS (or another text-based mobile messaging service) and malware.

While the name might suggest exclusive spread through SMS texts, this malware can spread through other means as well. Initial and subsequent infection vectors may involve mobile messaging applications, including any mobile data-based messaging service such as WhatsApp, Apple iMessage, and Facebook Messenger.

Some cases may involve users getting infected by SMS malware outside of mobile texting. Emails, websites, and other networked services can deliver malware that causes SMS attacks. This can then trigger users to be unwitting spreaders of SMS-based malware threats.

When discussing SMS malware, there are two distinct threats to understand:

  1. Direct distribution: Mobile malware that is sent from the attacker’s original SMS attack messages.
  2. Secondary distribution: Mobile malware or other malicious code that “hijacks” mobile devices, spreading additional malware to more users via SMS.

Indirect distribution, attackers use mobile networks or messaging services to send their malware-bait texts to users. Often, attackers automate their text messaging using malicious code to avoid manually contacting each user.

In secondary distribution, infected users spread the threat to other people in their contacts. The initial infection results from an attacker planting malicious code in places a user might expose themselves. This malicious code is capable of spreading malware once a user is infected.

Malicious apps, emails, and social media posts and messages are all common sources of this secondary “hijack” threat. The malicious code then may abuse a user’s contact list to send SMS attack messages.

Alternatively, an attacker’s malicious code may overtake a user’s mobile device as part of a botnet. This allows an attacker to send commands to it, doing more than a preprogrammed set of actions. This can include harvesting a user’s contacts to be used in a larger attack target list or executing other attack types like DDoS attacks. Sometimes, backdoor access is created to make a persistent threat.

Types of SMS and mobile malware attacks

Among the many SMS attack threats, here are some notable types:

SMS Phishing (Smishing)

SMS phishing, or “smishing,” involves an attacker posing as a trusted person or institution via text messaging to deceive users into compromising themselves.

Users may be baited into a malware infection, sending money, or guiding into disclosing private info, such as account credentials or banking numbers.

Phishing itself has been a popular cyberattack for years: people tend to be less skeptical of messages when they are from a person or organization they trust. Plus, urgent messages exploiting human trust alongside simple malicious links and file attachments can fool even savvy internet users.

Mobile Malware

Mobile malware is any malicious software that runs on mobile devices. These attacks involve the creation and distribution of malware by cybercriminals designed to target a victim’s mobile device. This is often the payload of other SMS attacks, such as smishing. Frequent offenders include:

  • Ransomware: Encrypts your device data and demands a ransom to unlock it.
  • Spyware: Monitors user activity, such as keystrokes, swipe gestures, and taps.
  • Clickjacking: Can mask interactions with your device to trick you into compromising actions.
  • Virus: Infects malicious activity on your device by attaching to a legitimate app, executing, and replicating when the app is run.
  • Trojan: Serves as a decoy app or file that may be malware itself or contain malicious threats.

Premium-rate SMS scams

Premium-rate SMS scams involve the unauthorized signup of users to subscription message services. Victims incur unwanted bills on their phone statement and may even be paying the attacker if the criminal runs these services.

A premium-rate SMS service might be for daily horoscopes or other conveniences. While these can be legitimate, attackers abuse this system to cause inconveniences or profit.

Sometimes, malware such as a Trojan may infect devices to trigger joining premium-rate services. These Trojans and other malware are designed to make unauthorized calls or send unauthorized texts without the user’s knowledge or consent. These calls and texts are subsequently directed to chargeable SMS text services or premium-charge numbers. These are operated by the cybercriminal, generating significant revenue streams for cybercriminal networks.

Examples of SMS attacks

SMS attacks have been increasing over the years, especially as mobile use has risen globally. Here are some more recent attacks to be aware of:

Emotet — SMS Phishing and Malware/Trojan

In early 2020, a banking trojan called EMOTET was used by cybercriminals to trick customers into credential theft and malware infection through text messages (SMS). They posed as trusted United States banks in urgent-sounding text messages — such as “Savings Bank ACC LOCKED” — and included a malicious web link for targeted customers to resolve the fake issue. Attackers used local phone numbers and formatted the message similarly to typical automated alert texts, causing victims to panic and click.

Victims that open the malicious link arrive at a fraudulent bank login page, which (if used) captures the user’s account credentials — without them knowing. Victims then enter phase two of the attack by downloading a document prepared with malicious code in the form of macros.

Emotet’s worm-like replication and its anti-malware evasion methods make this threat a substantial risk. While now delivered via a standard smishing attack, the Emotet malware has spread since 2014 (it took a short hiatus in mid-2019) via an ever-changing roster of channels. Its continuous evolution makes it a threat to keep an eye on.

Filecoder — Android SMS ransomware

In July 2019, reports of new ransomware targeting Google Android devices had begun to surface. Known as Android/Filecoder.C, this threat spreads via text message and can lock down your phone files via data encryption. This allows attackers to demand a ransom in exchange for access to your files.

This threat has been around since July 2019, spreading via web forums such as Reddit. The bait is typically pornographic content, hiding links under URL-shortening services like bit.ly.

Android-based victims of this link are infected with malware, sending texts containing another malicious link to every one of their phone contacts. This text link promotes an app, which will silently run ransomware in the background if installed.

SMS protection - How to prevent SMS attacks

What can you do to keep yourself safe from an SMS attack? Here are some key tips to guide your protection efforts:

  1. Slow down and act with caution: Typically, urgency is a red flag that you should pause and be more critical. Contact the sender directly through trusted channels, such as an official phone number on the institution’s website. Do the same if it’s supposedly from a person you know.
  2. Review your phone bills: Unwanted charges can indicate an ongoing scam, so be sure to report them and file a dispute as soon as you discover them.
  3. Keep an eye for detail: Odd spelling, grammar, and phrasing are all indicators that a message is not from an official institution. Official correspondence is typically reviewed and carefully written, whereas SMS attacks usually are not.
  4. Be wary of senders: Anyone who is not in your contacts should be scrutinized, but also exercise caution with friends and other known contacts. Unexpected links should raise the alarm and drive you to follow up with that person to verify its safety outside of texting.
  5. Do not open any links directly: Trusted organizations such as your bank can be checked directly via an official website. Opt to do this instead of following a potentially malicious link.

Ultimately, by installing effective anti-malware software, you can defend your mobile devices against Trojans and other malicious threats that initiate SMS attacks. We recommend Kaspersky Total Security: it protects all your devices (mobile, desktop, laptop, tablet) against Trojans, phishing scams, and other malware attacks.

Related Links:

SMS Attacks and Mobile Malware Threats

The fact that Kaspersky Lab has not recorded malware that uses exploits in Android to perform a drive-by attack may seem positive, but only at a first glance.The fact that Kaspersky Lab has not recorded malware that uses exploits in Android to perform a drive...
Kaspersky logo

Related articles