The Symoo app is the newest addition to the list of threats that have successfully bypassed Google's security checks for the Play Store. According to a researcher, the bogus application has already infected approximately 100,000 Android devices.
Symoo has a rating of 3.4 on the Google Play Store. However, the researcher explained that its operators secretly use it to relay SMS messages for an account-creation service that covers several websites.
The fake app is disguised as an SMS manager application. It requests access to the infected device's phone number and permission to send and read SMS messages. It then shows a fake loading screen while its remote operators trigger multiple OTP verification requests from services such as Instagram, Google, Microsoft, Facebook, and Telegram.
The malicious application reads the content of the incoming SMS messages on the infected device and forwards it to an attacker-controlled server. The actors use the stolen codes to create accounts on several services. After installation, the app itself simply freezes and never provides the advertised functionality.
The attackers then rent out the compromised devices as virtual numbers, so that a customer can receive the OTP needed to verify a newly created account.
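The permission pattern described above (access to the phone number, reading and sending SMS, plus network access to forward the codes) is something a defender can check for statically. The following triage script is an added example, not code from the article or from the app it describes; it assumes a decoded, plain-XML AndroidManifest.xml (as produced by an APK decoding tool) and uses constructed manifest excerpts, not the real app's manifest.

```python
"""Flag Android manifests whose permissions allow SMS interception plus network exfiltration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Capabilities the article says the SMS relay app requests: read/send SMS and the device number.
SMS_INTERCEPT_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
SMS_SEND_PERMS = {"android.permission.SEND_SMS"}
NUMBER_PERMS = {"android.permission.READ_PHONE_STATE", "android.permission.READ_PHONE_NUMBERS"}
NETWORK_PERMS = {"android.permission.INTERNET"}


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return the set of <uses-permission android:name="..."> values in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission") if el.get(NAME_ATTR)}


def otp_relay_risk(manifest_xml: str) -> dict:
    """Flag the minimum combination needed to forward OTP SMS to a remote server:
    at least one SMS-reading permission together with network access."""
    perms = requested_permissions(manifest_xml)
    intercept = perms & SMS_INTERCEPT_PERMS
    network = perms & NETWORK_PERMS
    return {
        "flagged": bool(intercept) and bool(network),
        "sms_read": sorted(intercept),
        "sms_send": sorted(perms & SMS_SEND_PERMS),
        "phone_number": sorted(perms & NUMBER_PERMS),
        "network": sorted(network),
    }


# Constructed manifest excerpts for demonstration (hypothetical package names, not the real app).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.smsmanager">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, otp_relay_risk(manifest))
```

A genuine SMS manager legitimately needs these permissions, so the flag is a triage signal to be combined with context such as whether the app actually delivers the advertised functionality.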
Cybersecurity experts have spotted the Symoo app sending stolen SMS information to a domain used by an app called Virtual number.
Fortunately, Google has taken down the domain to which the Symoo app sent the stolen SMS data. However, its developers have published a similar application named ActivationPW – Virtual numbers, which is currently downloadable from the Play Store.
The newer app has been downloaded about 10,000 times and offers to rent out phone numbers from over 200 countries for as little as 50 cents.
Experts believe that the Symoo app's operators could use it to receive and forward the OTP verification codes generated when users create accounts through ActivationPW.
The presence of these malicious apps on the Google Play Store shows how threat groups and malware developers keep trying different methods to evade Google's detection. Even when Google removes these apps from the Play Store, further attempts to sneak malicious apps onto the store should be expected.
Users should remain careful about which apps they install, even from official app stores, since threat actors continually manage to place their tools there. In particular, an app that asks for permission to read or send SMS messages, or to access the phone number, without a plausible need for it deserves close scrutiny before it is granted.