Jump to content
  • This malicious Android app steals your phone number — delete it right now

    alf9872000

    • 566 views
    • 3 minutes
     Share


    • 566 views
    • 3 minutes

    Receiving one-time codes from unknown services on your smartphone? This fake Android SMS app could be to blame

     

    Online services often require you to enter a one-time code sent to your mobile number in order to verify your account. However, what happens when you don’t have a phone number or live in a country where a particular app or service is banned?

     

    In this case, many users turn to virtual numbers to receive a one-time code so that they can verify their new accounts but these virtual numbers have to come from somewhere though.

     

    A security researcher at the cybersecurity firm Evina has discovered a fake SMS app for Android that secretly uses the phone numbers of those who have installed it to send out one-time codes for other users according to BleepingComputer(opens in new tab). 

    Hijacking phone numbers to help others verify their accounts

    The app in question is called Symoo and it has been downloaded over 100,000 times. At the time of writing, it’s no longer available on the Google Play Store. Still though, it has a 3.4 star rating even though many users have complained it’s fake.

     

    After being installed on a user’s device, Symoo requests permission to send and read text messages which isn’t surprising since the app’s description says it’s a “simple use sms application”. The app then asks the user to provide their phone number and a fake loading screen appears as an overlay. During this time, the creators of this malicious app send out multiple two-factor authentication (2FA) text messages to help others create and verify new online accounts.

     

    Once the fake loading screen disappears, the app freezes and those who installed it aren’t able to use it for its intended purpose. While most users then uninstall Symoo, the damage is already done since the cybercriminals behind it already have your phone number.

     

    Symoo isn’t the only app doing this as the security researcher who discovered it, Maxime Ingrao also found that SMS data extracted from it was sent to a domain used by the app Virtual Number. Just like with Symoo though, it has been removed from the Play Store.

    How to stay safe if you downloaded this fake SMS app

    MRUEsvBrdDnwpsDgw3GGzh-970-80.jpg

    (Image credit: Google)

     

    If you downloaded Symoo or any other suspicious SMS apps, you need to delete them immediately. As I mentioned before though, the damage is already done since your phone number is in the hands of cybercriminals. As such, you may want to consider changing your number if you don’t want to constantly be interrupted with one-time codes from other users trying to create accounts.

     

    At the same time, you need to be extra careful when downloading new apps onto your Android smartphone. While Google Play Protect is able to scan new apps and any installed on your device for malware, the same can’t be said for more elaborate scams like this one. For extra protection from other threats though, you may want to consider installing one of the best Android antivirus apps.

     

    When it comes to protecting your phone number, you want to avoid giving it out freely and instead of third-party SMS apps, you should use the one that came installed with your phone. While there are some reputable text messaging apps for Android, it just isn’t worth the risk of having your mobile number exposed online.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...