The Trojan was first spotted in February 2013 and over a dozen new versions have been released since then.
The first variants were only designed to send SMSs to premium rate numbers in Russia. However, cybercriminals kept adding more and more countries to the list, until they reached 66.
While most of the infections have been observed in Russia and Canada, countries like the US, Germany, Lithuania, France, Finland, Norway, Ukraine, the UK, Malaysia, Hungary, Switzerland, Indonesia, Spain, Israel, Portugal, Ireland, China, the Czech Republic, the Netherlands, New Zealand, and Brazil are also impacted.
Cybercriminals distribute the Trojan by disguising it as an app that allegedly allows users to access adult videos.
The configuration file contains a list of phone numbers and prefixes. Based on the victim’s location, messages are sent from the infected devices to premium rate numbers. For each message, victims are charged around $2 (€1.5).
In addition to sending SMSs, the malware is also capable of intercepting incoming text messages.
Experts believe the threat has been developed by Russian-speaking cybercriminals.
Latest posts by William Fieldhouse (see all)
- A John McAfee-Backed ICO Exposed Thousands of Peoples Documents Due to Security Blunder - April 26, 2018
- Latest Hacking News Podcast #13 - April 17, 2018
- Latest Hacking News Podcast #12 - April 16, 2018