Security News > 2022 > November > This Malicious App Abused Hacked Devices to Create Fake Accounts on Multiple Platforms
A malicious Android SMS application found on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.
This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that's typically sent to verify the user when setting up new accounts.
"The malware asks the phone number of the user in the first screen," security researcher Maxime Ingrao, who discovered the malware, said, while also requesting for SMS permissions.
The data collected by the malware is exfiltrated to a domain named "Goomy[.]fun," which was previously used in another malicious application called Virtual Number that has since been removed from the Play store.
The app's developer, Walven, has also been linked to another Android app known as ActivationPW - Virtual numbers that claims to offer "Virtual numbers to receive SMS verification" from more than 200 countries for less than 50 cents.
According to Ingrao, Symoo and ActivationPW represent the two ends of the fraudulent scheme, wherein the phone numbers of the hacked devices that have the former installed are employed to help users buy accounts through the latter.
News URL
https://thehackernews.com/2022/11/this-malicious-app-abused-hacked.html