4 Cybercriminals from Vietnam arrested for using SMS malware to earn $100,000


Image Credits: Hanoimoi
Vietnam Police have arrested four individuals accused of stealing approximately $100,000 by infecting more than 100,000 mobile devices with a premium-rate SMS sending virus.

The suspects are identified as 23 year old Ha Xuan Tien, 24-year-old Nguyen Duc Luc, 25-year-old Nguyen Van Tu, 29-year-old Tran Ngoc Hai, according to Tuoitrenews.

The malicious applications which was used by suspects to infect users are said to be distributed via websites like "soundfest.com.vn", "clickdi.com". 

Once the malicious application infects a smart phone, the app will automatically send SMS messages to premium rate numbers.  Premium rate numbers allows the owner to earn money from incoming calls and SMS.

The victim will lose 15,000  Vietnamese Dong($0.71 in USD), after each message is sent from their device to these premium rate numbers.

Using this method, the cyber criminals manged to earn more than 2.1 Billion Vietnamese Dong($98,700 in USD) since late 2013.

SMS Trojans target users from a number of European countries and Canada

Denis @Kaspersky Lab discovered a SMS Trojan that target users from a number of European countries and Canada.  According to the messages found on Internet forums, the first infections were reported in early September.

One of the Victim downloaded an application to monitor his own messages, calls and traffic. After launching this application , it displayed message that it was not compatible with the user’s Android version. And then the user’s mobile account was emptied.  This app turned up to be an SMS Trojan which sends 4 SMS messages to premium rate numbers. Kaspersky detect it as "Trojan-SMS.AndroidOS.Foncy" malware.

The main menu of smartphone after the infection:


This Trojan is distributed via a file hosting website with the name "SuiConFo.apk".

There are 2 main malicious classes of this Trojan: ‘MagicSMSActivity.class’ and ‘SMSReceiver.class’. The first is mainly responsible for sending SMS messages, while the second is used to hide incoming messages from specific numbers.

"Unfortunately, today SMS Trojans are one the easiest ways for cybercriminals to make easy money fast. Malicious use of premium rate SMS services is spreading around the world, and I’m pretty sure it’s not going to stop any time soon. We’ll keep you posted. " said Denis