The unsuspecting victims receive a SMS message which tells them that their system is at risk and they should install the latest Android update. But the link provided isn’t for a new firmware update but in fact for a malicious app. The problem with text messages is that they are very common place and have a high read rate (meaning that most people read every message they receive), coupled with the fact that users seem to trust text messages, it means that victims all too easily follow links sent via text message.
Once the link is followed and the app is installed, Updtbot talks with the C&C server and awaits instructions. It is likely that the cyber criminals will attempt to make money from this malware by causing the infected phone to call premium rate numbers or send text messages to premium rate services. There is also the possibility that they will attempt to install other malware on the device including banking trojans and key loggers.
According to the research done by the NQ Mobile Security Research Center, over 160,000 Android devices have been affected by UpdtBot. However it looks initially as if these infections are mainly on Chinese mobiles. There are no current reports that the malware has made its way into Google Play or the Amazon Appstore.
Stay safe
It is important to use common-sense when installing apps on your device and when following links sent by email or SMS. In particular:
- Never follow links in emails or SMS messages from untrusted sources.
- If an offer (called the link bait) sounds like it is too good to be true, it probably is.
- Download apps from trusted app markets, and always look at the reviews and ratings.
- Be on the look out for strange charges to your phone bill.