Smartphone snoops have crafted a clever text-message-based attack that removes the middleman and delivers its nasty payload directly to its Android targets.
The malware, identified by researchers at NQ Mobile as "UpdtBot," disguises its malicious intentions by appearing as a text message telling recipients "their systems is at risk and they need to install the latest system upgrade."
It's a typical scareware tactic, tricking would-be victims into believing they need to fix their phone or computer to stave off imminent harm. But UpdtBot takes the traditional scam a step further. While most Android malware uses text messages to communicate with an attack server or to sign the victim up for expensive text-message subscription services, this text-based threat contains a link in the message; when the user clicks on the link contained in the text, he is taken to a site that automatically uploads the malware.
From there, UpdtBot can make calls, send texts, download new apps and install potentially corrupt software onto infected Android phones. So far, the malware has infected more than 160,000 Android devices, NQ Mobile said.
What's at the root of this evil weapon compromising Android devices ? As with most cybercrime, it all comes back to money.
"While we don't have any statistics on how it's being used by the cybercriminals who created it, we believe they'll attempt to make money off it," NQ Mobile wrote.
To keep your smartphone, and all the information you have stored on it, safe, never open unsolicited messages or click on suspicious messages or links. Check the ratings and user reviews before you download any app to your phone, and install mobile virus protection on your smartphone.