As a platform, Android is naturally very attractive to the criminal fraternity in terms of potential profitability. After all, it has the market share and that nearly always means it has large numbers of users for whom the word security may as well be written in the Cyrillic alphabet. My analogy assumes, of course, that those are users not familiar with this particular script and I used it for good reason: new worms coming out of Russia are posing a threat to Android users.
Denis Maslennikov, a security analyst with AdaptiveMobile, has discovered a previously unknown worm called Selfmite. This comes hot on the heels of another Android worm called Samsapo which uses the old monetization chestnut of premium rate SMS message sending.
The Selfmite loader spreads using SMS as a transport mechanism, and once the malicious app is installed the worm itself propagates by sending a text message to users in the address book of the phone that has been infected rather than by doing the premium rate thing as you might expect. So how does Selfmite realise a profit?
Well, the messages it sends encourage users to install a legitimate app by way of an advertising platform which pays the worm author a small commission for every app installation. According to Maslennikov the worm is out in the wild, and unlike Samsapo which was largely targeted at Russian users, it has already been seen to be active on North American operator networks.
"SMS worms for Android smartphones have previously been rare, but this and the recent Samsapo worm in Russia may indicate that cybercriminals are now starting to broaden their attacks on mobile phones to use different techniques that users may not be aware of" Maslennikov warns.
AdaptiveMobile has contacted Google and the malicious URL has been disabled, but that doesn't mean more will not surface or are not already out there of course.