SMS Trojan

What is an SMS Trojan?

SMS Trojans typically target premium phone numbers, which rack up charges on their phone bill. They usually go unnoticed because they operate in the background. This means SMS Trojans can stay under the radar for an extended period, unbeknownst to the owner or user of a phone.

The goal is to make money. That can be achieved by stealing the victim’s online account credentials or signing them up for premium paid subscriptions without their knowledge or consent.

Common infection ways

SMS Trojans can enter a mobile phone when an app containing malicious code is installed. Below is a list of common ways to infect SMS Trojans:

• Apps with fake download links
• Malicious apps with fake names
• Legitimate apps recompiled with malicious code.

Malicious apps can be downloaded from a website or a third-party app store. The websites are set up to spread Trojans. They’re also known as Trojan downloaders. After a malicious app is installed, the Trojan hides on your phone and attacks it over time.

Type of SMS Trojans

There are various kinds of SMS Trojans:

• Faketoken is a fully-fledged banking Trojan dating back to 2014, which makes it a huge cyber threat. But it can also imitate other apps with payment functionalities, like Google Pay—basically, any app that allows Faketoken to steal bank account information. Faketoken mostly messages international phone numbers at the cost of the victim, which means the costs can be quite high. Over the years, Faketoken started sending out bulk offensive messages, which was previously unheard of.
• Trojan-SMS.AndroidOS.Foncy dates back to September 2011. It sends four text messages to premium phone numbers in Canada and Europe. Here’s how it works: it infects your phone when you download a malicious app that monitors calls and text messages. When you open the app, you receive a notification that it isn’t compatible with the Android version installed on your phone and then depletes your mobile account. Once it has been installed, the file hosting name “SuiConFo.apk” appears on your Android phone’s main menu.
• SMSFactory makes money by making calls and sending messages to premium-rate phone numbers. Victims are spread across the world—including the US, Spain, France, Russia, Argentina, Brazil, Ukraine, Turney, and more. The SMS content contains the account numbers of the people who intended to receive the money. As you can imagine, victims can incur high costs in the form of phone bills, up to $7 weekly. Another version of the Trojan includes extracting the phone numbers of potential victims from another victim’s phone contacts. SMSFactory is sent through malvertising, website alerts, and push notifications on harmful websites.

Consequences of an SMS Trojan infection

While SMS Trojan horse attacks can go unnoticed, that doesn’t mean they don't have a negative impact on your phone. Here are the implications of an SMS Trojan on Android and iOS devices:

• Getting billed for expensive SMS services without your consent
• High phone bills, especially where international numbers are targeted.

How to protect your device from an SMS Trojan

The good news is that you can help protect your phone from SMS Trojans by following our tips below.

• Use official app stores
• Disable or limit the use of premium SMS
• Install antivirus on your mobile device
• Be careful

Use official app stores

Using official app stores is the most important step in protecting yourself against SMS Trojan attacks. That's because official app stores like Google Play and the App Store offer the security of safe apps that have been vetted and approved for listing.

Disable or limit the use of premium SMS

Given the cybersecurity threat associated with premium SMS, it isn’t worth the risk. Disable these features on your phone and your children’s phones to prevent infection. It’ll help you get a better handle on phone charges. Learn how to prevent smishing attacks as an extra precautionary measure.

Install antivirus on your mobile device

An antivirus tool for Android users and iOS users can help detect and block some of these threats before they cause harm. Keeping your device protected also means being mindful of tracking apps or hidden spyware that could monitor your activity without your knowledge.

To strengthen your security even further, adding a spyware scanner can help detect threats that traditional antivirus tools might miss. Clario Anti Spy scans your phone for hidden spyware, suspicious permissions, and vulnerabilities that could put your data at risk.

• On Android, you can use Spyware scan to check for hidden tracking apps or suspicious permissions that could be spying on you.
• On iPhone, you can run Device system check to detect jailbreaks or security risks that could make it easier for attackers to bypass Apple’s protections.

We’ll show you how to use them below.

How to use Spyware scan on Android:

1. Download and open Clario Anti Spy on your phone.
2. Tap Spyware scan in the main menu.
3. Run a Scan to check for hidden spyware or suspicious apps.
4. Follow the steps to remove any detected threats.

How to use Device system check on iPhone:

1. Open Clario Anti Spy on your phone.
2. Tap Device system check in the main menu.
3. Run a Scan to detect jailbreaks or security vulnerabilities.
4. Follow the recommendations to secure your device.

Be careful

Avoid downloading apps from unverified sources and third-party app stores. Always check the reviews, keeping in mind that some companies pay for good online reviews.

SMS Trojans are just one type of Trojan horse. Learn how to prevent Trojan horse attacks.

Conclusion

Malware is widespread, and SMS Trojans are no different. Consider the financial impact of falling victim to an SMS Trojan attack, not to mention when you catch it after months of infection. Protect your phone from SMS Trojans and other malware attacks by following the tips listed in our guide.

For added security, use Clario Anti Spy to check your phone for apps that might be spying on you or security gaps that make your device easier to exploit.