CyberSecurity SEE

The Evolving Threat of SMS Stealer to Android Users Worldwide

A recent discovery by cybersecurity researchers has unveiled a novel malware that has been targeting Android devices for over two years, with more than 107,000 samples identified so far. This malicious software, known as “SMS Stealer,” is designed to steal SMS messages containing sensitive information such as one-time passwords (OTPs) to fuel further nefarious activities.

According to findings by researchers at Zimperium zLabs, the SMS Stealer malware originates from a sophisticated cybercriminal infrastructure that distributes it through dynamically changing mobile apps, which are spread via Telegram messages or ads posing as legitimate applications.

Since February 2022, the Zimperium researchers have been tracking the SMS Stealer campaign, which has managed to affect victims in 113 countries, with India and Russia being the most impacted. The attackers behind this campaign have shown a high level of organization and motivation, boasting 13 command-and-control (C2) servers and 2,600 Telegram bots at their disposal.

One of the most concerning aspects of this malware is its ability to evade traditional signature-based detection methods, making it challenging for defenders to identify and mitigate without advanced malware detection tools. Nico Chiaraviglio, Zimperium’s chief scientist, highlighted the dynamic and adaptive nature of the malware, emphasizing the sophistication of the threat actors behind it.

An analysis of over 99,000 malware samples revealed that the SMS Stealer campaign has largely gone unnoticed by defenders for nearly two and a half years. The attackers are targeting over 60 renowned global brands, intercepting OTP messages to exploit the large user bases associated with these brands.

The SMS Stealer campaign operates in multiple phases, from initial infection to the exfiltration of SMS messages and other data. The stolen credentials are then used for fraudulent activities, such as phishing campaigns or social engineering attacks, amplifying the potential harm caused by this malware.

As the threat landscape continues to evolve, there is a pressing need for improved mobile defense strategies to combat sophisticated malware like SMS Stealer. Experts emphasize the importance of adopting multilayered defense approaches that leverage advanced technologies like behavioral analysis, machine learning, and real-time threat intelligence.

Jason Soroko, senior vice president of product at Sectigo, warns of the severe risks posed by malware that can intercept OTPs and facilitate credential theft. He stresses the urgency for organizations to prioritize mobile security and implement proactive defense measures to protect digital identities and enterprise integrity.

Stephen Kowski, field CTO at SlashNext Email Security+, underscores the significance of robust mobile threat defense solutions and continuous security updates to detect and neutralize hidden malware effectively. By staying vigilant and investing in advanced security measures, organizations can mitigate the risks associated with mobile malware and safeguard sensitive data from malicious actors.
