Android Malware: Samsapo.A, the new threat by SMS

image credit - welivesecurity.com

A new threat came from Russia, and called  Samsapo.A which, in an entirely unnoticed, would have access to the Address Book and the Posts of the target device, initiating a process of viral spread by automatically sending an SMS infected, towards all your contacts, trying to infect their devices, while the SIM of the original victim, for the task, should, regardless the tariff plans, you have exhausted your credit.

Slovakian security firm, ESET has discovered this interesting Android malware, called Android/Samsapo.A that spreads via SMS. It sends the message says " This is your photo? ", in Russian, with a final link to download a package apk containing the virus , which is usually installed on an automatic basis appearing later in the list system applications, such as a utility " com.android.tools.system V1.0 ", and has no user interface or icon in the app-drawer. 

Here are a few additional details about the threat:

• It tries to appear as a system utility (the package name is “com.android.tools.system v1.0″)
• Has no GUI and no icon in the application drawer
• Acts as a downloader: can download additional (malicious) files from specified URLs
• Acts as spyware: can upload personal information from the device, including phone numbers and text messages, to a remote server
• Acts as an SMS-trojan: register the phone number into a premium-rate service
• Can block phone calls
• Can modify alarm settings

The malware seems to be created very recently, because the domain it drops files to has been registered just a few days ago, on April 24, 2014. The worm is targeted mostly against Russian Android users. Users can protect themselves effectively if they:

• Restrict the installation of applications from unknown source
• Stay alert and don’t fall for common social engineering tricks
• Use an updated anti-malware solution on their Android device    said robert lipovsky, Security Intelligence Team Lead ESET