A recent report from Zimperium’s zLabs has uncovered a widespread and highly sophisticated Android malware campaign that has compromised more than 107,000 devices across 113 countries since February 2022. This silent SMS stealer targets one-time passwords (OTPs) from a broad spectrum of over 600 top-tier brands, posing a significant risk to millions of users’ accounts.
The malware employs a multi-faceted infection strategy, leveraging deceptive advertisements and automated Telegram bots to lure victims. Upon installation, the malicious application requests SMS read permissions, enabling it to intercept and forward OTPs to its command-and-control (C&C) servers. This stolen information is subsequently sold on cybercrime marketplaces, granting attackers the ability to circumvent two-factor authentication and gain unauthorized access to various accounts.
Significantly, the malware authors have shifted from utilizing Firebase for C&C communication to embedding C&C addresses within the apps themselves and utilizing GitHub repositories, showcasing a sophisticated evolution in their operational tactics. Zimperium’s analysis uncovered a clear financial incentive behind the malware, linking some samples to websites that facilitate the sale of stolen phone numbers and OTPs.
The alarming scale of the operation is evident, with an overwhelming 95% of the detected malware samples being either unknown or unavailable in common repositories. Notably, the campaign targeted a diverse range of global brand services, with a substantial proportion of attacks concentrated in Russia and India. The researchers identified 13 distinct C&C servers and a network of approximately 2,600 Telegram bots, illustrating the extensive infrastructure supporting this criminal endeavor.
To mitigate the risk associated with such threats, users are urged to refrain from sideloading applications from unverified sources and to exercise vigilance when interacting with links or Telegram bots. Keeping devices updated with the latest security patches is also crucial. Enterprises should prioritize the adoption of robust mobile security solutions to safeguard against such sophisticated attacks, ensuring the protection of their digital environments against evolving malware threats.
