RuMMS: The Latest Family of Android Malware Attacking Users in Russia Via SMS Phishinghttps://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.htmlFireEye, a U.S. network security company, uncovered a new Android malware family infecting smartphones in Russia through SMS phishingRecently we observed an Android malware family being used to attack users in Russia. The malware samples were mainly distributed through a series of malicious subdomains registered under a legitimate domain belonging to a well-known shared hosting service provider in Russia. Because all the URLs used in this campaign have the form of hxxp://yyyyyyyy[.]XXXX.ru/mms.apk (where XXXX.ru represents the hosting provider’s domain), we named this malware family RuMMS.
To lure the victims to download the malware, threat actors use SMS phishing – sending a short SMS message containing a malicious URL to the potential victims. Unwary users who click the seemingly innocuous link will have their device infected with RuMMS malware. Figure 1 describes this infection process and the main behaviors of RuMMS.
