Android users, beware! Text message stealing malware is targeting smartphones to gain access to users' data

A new malware campaign has just been outed and it's targeting Android devices in the sneakiest of ways.

According to a new report from ZLabs researchers at the mobile security company Zimperium, there's a massive SMS stealer campaign spreading across the globe that's gaining access to Android users' devices and stealing their sensitive information before sending it to bad actors for financial gain.

How are they doing this? By tricking users with fake app download pages or through Telegram bots that provide false promises of free Android apps.

A massive SMS stealer campaign

The hackers' initial encounter with a potential victim begins mostly in one of two ways.

Some victims were served with a fake app advertisement on a malicious webpage. Users who are tricked by the ads are taken to a page that mimics a legitimate Android app download link. The software, of course, isn't the advertised app. Instead, It's malware that prompts users to inadvertently give it permission to read their SMS messages.

Another way the SMS stealer campaign is targeting victims is through Telegram bots. Zimerium researchers say it discovered "roughly 2,600 Telegram bots" that lured victims into believing they were being offered pirated Android apps for free. Victims would be asked for their phone number in return for the app. However, the downloads they actually receive are "unique malicious applications disguised as legitimate APKs."

Once these bad actors gain access to the device, they're able to use the victim's personal data for financial gain. The text message access of this malware campaign is especially heinous. It potentially provides these malicious actors with OTPs, or one-time passwords, that are often required by banks and other financial institutions to verify a user's access.

Zimperium researchers say that they have been tracking this SMS stealer campaign for nearly two and a half years. Over that time period, researchers say they have seen "over 107,000 malware samples" connected to the campaign, showing how the bad actors behind this malicious software have been constantly updating their campaign so it stays effective.

And it seems like these hackers have found success.

Researchers claim that the SMS stealer campaign has claimed victims in 113 countries. The majority of the victims appear to be in India and Russia. However, there are also a significant number of victims in Brazil, Mexico, the United States, Ukraine, and Spain.

Android users should be aware of this malicious campaign and beware of any download links promising free app downloads. 

In a statement provided to Mashable, a Google spokesperson recommended that Android users utilized its Google Play Protect feature to avoid malware infecting their device.

"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services," said the Google spokesperson. "Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

UPDATE: Aug. 2, 2024, 4:23 p.m. EDT This piece has been updated to include a statement from Google.