Author

Topic: RuMMS: Android Malware Attacking Users In Russia Via SMS Phishing (Read 222 times)

legendary
Activity: 1049
Merit: 1006
RuMMS: The Latest Family of Android Malware Attacking Users in Russia Via SMS Phishing

https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html

FireEye, a U.S. network security company, uncovered a new Android malware family infecting smartphones in Russia through SMS phishing

Recently we observed an Android malware family being used to attack users in Russia. The malware samples were mainly distributed through a series of malicious subdomains registered under a legitimate domain belonging to a well-known shared hosting service provider in Russia. Because all the URLs used in this campaign have the form of hxxp://yyyyyyyy[.]XXXX.ru/mms.apk (where XXXX.ru represents the hosting provider’s domain), we named this malware family RuMMS.

To lure the victims to download the malware, threat actors use SMS phishing – sending a short SMS message containing a malicious URL to the potential victims. Unwary users who click the seemingly innocuous link will have their device infected with RuMMS malware. Figure 1 describes this infection process and the main behaviors of RuMMS.

Jump to: