It was recently identified that the fake SMS application, called Symoo (and available for Android) relays users’ messages to a malicious service that creates accounts on various sites such as Microsoft, Instagram, Telegram and Facebook. Many reviews on the Google Play Store indicated that the app was malware.
Symoo is among the most downloaded messaging apps in India with over 100,000 affected users.
The discovery was made by researcher Maxime Ingra, from Evina, a cybersecurity company, who has already reported on the malware to Google. At the time of publication of this article, Google has not commented on Symoo and the application is still available on Google Play.
“This malware’s mode of attack shows how fragile the two-factor validation payment process is. All of these steps took place without the user’s knowledge and bypassed thousands of people,” said Ingra.
In a statement, the company explained how the software works when stealing user information.
When installing it, it asks the user to enter their phone number, while a loading screen is presented, at the same time that the app runs software that steals the phone number information and intercepts the device’s SMS messages to an external server.
With the information collected, the application is able to read the messages to receive the verification code required by various sites to create the fake accounts.
Fake accounts created on platforms such as Google, Facebook, Twitter and Telegram are sold on underground marketplaces to anonymous buyers who may belong to cybercriminal organizations.
As reported by the Bleepingcomputer report, Ingrao discovered that Symoo shared the SMS with the same domain as the Virtual Number application – also available on the Google Play Store.
The developer of Virtual Number is also the creator of the Activation PW – Virtual Numbers app which offered “online numbers from over 200 countries” for account creation.
Have you watched our new videos on YouTube🇧🇷 Subscribe to our channel!