Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Mobile Threat Monday: Fake Android Update Hijacks Your Calls and Texts

This week, we look at a nasty app posing as an Android OS update. Don't believe its lies!

By Max Eddy
September 22, 2014
Image via Flickr user Tiago A. Pereira

The recent launch of iOS 8 saw millions of people upgrading their iPhones' operating systems (and many failing to have enough available memory to do so). It's a bit more complicated for Android users, who get their updates from Google, device manufacturers, and their wireless providers. This week, Malwarebytes shows us a malicious Android app that takes advantage of that confusion by disguising itself as a software update for your Android.

Fake Update
On its own, the malicious app isn't capable of rooting your phone. But Malwarebytes explains that it does check to see if your phone is rooted. If it is, it takes advantage of root tools and commands to operate with escalated privileges.

What can it do with those enhanced powers? Monitor incoming calls for one, in addition to text messages. It can also send text messages without your permission. Getting control of text messages and calls is scary from a privacy perspective, but it has far-reaching consequences for security. If an attacker can manipulate your texts, he can sign you up for premium SMS numbers that add charges to your wireless bill and line the attacker's pocket (or the pockets of the attacker's affiliates).

When banks and other institutions need to provide an additional layer of security, they sometimes use SMS messages to send two-factor authentication codes. We've seen some cases where advanced Android malware works with PC malware to steal bank logins without victims being the wiser. However, we can only speculate how the malware authors use these powers.

Lastly, Malwarebytes told SecurityWatch that the fake update app can also download and install additional apps. While we don't know what kind of apps it's installing, there are any number of reasons why this could be dangerous. It could, for example, install additional malware. This could let an attacker steal login information one day, and then turn infected phones into a botnet the next. Again, pure speculation, but the potential is certainly there.

Staying Safe
The researchers at Malwarebytes say they believe the malicious app originated in China and is spread through URLs in spam messages. While it's not clear if this nasty app has a target audience, it's not unusual for malware attacks like this to be highly regionalized. Either the malware is tailored for a particular group—say, customers of a specific bank—or the spam campaign that carries the malware is highly targeted.

The best way to avoid apps like this is to never install software from outside the Google Play store Android updates will come straight from Google, or your wireless provider. Updates are never pushed out through Web links. In fact, you should be very suspicious of any links sent to your phone, even if they appear to come from someone you trust.

Lastly, it's a good idea to install Android security software. There are many options available, and we recommend Editors' Choice winners Bitdefender Mobile Security and avast! Mobile Security & Antivirus.

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Max Eddy

Lead Security Analyst

Since my start in 2008, I've covered a wide variety of topics from space missions to fax service reviews. At PCMag, much of my work has been focused on security and privacy services, as well as a video game or two. I also write the occasional security columns, focused on making information security practical for normal people. I helped organize the Ziff Davis Creators Guild union and currently serve as its Unit Chair.

Read Max's full bio

Read the latest from Max Eddy