Symantec: Millions Download SMS Spoofing Codes on Google Play

Walmart text scam photo
$1000 is a lot of moolah. Image credit: concord.bbb.org
Walmart text scam photo
$1000 is a lot of moolah. Image credit: concord.bbb.org

Researchers from North Carolina State University recently published a video demonstrating how a mobile app can simulate the reception of a SMS message from a spoofed source. In a blog post on Symantec’s official blog, Symantec reportedly found SMS spoofing codes in 200 apps found on Google Play Store, with millions of combined downloads.

SMS spoofing can be used for numerous malicious intentions, including SMS phishing attacks (Smishing). Much like web phishing, the intent is usually to trick someone into revealing banking credentials or subscribing to paid services.

Symantec has not found any instances that use the spoofing code for a malicious SMSishing attack to date. It found that the principle reason to use such codes in apps is to push advertisements.

Symantec advises users to be wary of the source of any suspicious incoming text messages while Google makes changes to Android to prevent SMS spoofing. These applications may be identified by Norton Spot and any future malicious usage are detected by Norton Mobile Security.

Catch the video below:

Catch full details of the demonstration.

[ad#Google Adsense 336×280]

Vernon
Vernon is the founder and chief editor of Vernonchan.com. A graphic designer by profession, he has a deep love for technology, cars, gadgets, food, and travel. He tweets too much and is also known as a caffeine bacterium ("life's too short for bad coffee"). Bleeds Blue (go Chelsea FC!) and considers BMW, Porsche, Alfa Romeo cars to have in the garage--hallmarks of a true petrolhead.