Malicious SMS app steals phone numbers from thousands of victims

vor 3 Monaten · 0 comments

The malicious application was discovered by cybersecurity researcher Maxim Ingrao, who works for Evina. It's called Symoo and has over 100,000 downloads on Google Play. According to the researcher, after installing the application, victims' SIM cards are used as "virtual numbers" to create accounts on Microsoft, Google, Instagram, Telegram and Facebook websites.

The operation of the malicious application is simple – after installation, it requests access to send and read SMS messages, which does not arouse suspicion among the victims, since Symoo is advertised as “a simple application for sending SMS”. The fun begins after installation:

And even though deceived users delete the non-working application, this does not improve the situation, because their phone number has already been used to create other people's accounts on various online platforms.

In addition, Maxim Ingrao discovered that Symoo sends SMS messages from victims’ phones to the domain used by the “ActivationPW – Virtual numbers” application, which allows the user to “rent” a phone number for 50 cents and use it to create an account on the desired site. It is worth noting that this application has already been removed from Google Play, but Symoo has not.