We stand with Ukraine to help keep people safe. Join us

Tags Secure Inbox

SMS Trojan

Your phone bill is skyrocketing, but you can’t figure out why. You keep a good handle on outgoing calls and haven’t texted more than usual. There’s a possibility your mobile phone has been infected with an SMS Trojan. We recommend using the Clario Antivirus tool to scan your phone for vulnerabilities and start the process of detection, elimination, and protection against possible threats.

Table of contents

What is an SMS Trojan?

SMS Trojan definition

An SMS Trojan is a type of malware that sends and intercepts text messages on a mobile phone, usually an Android phone. You cannot receive a Trojan virus on an iPhone message unless you download a malicious application from the internet.

SMS Trojans typically target premium phone numbers, which rack up charges on their phone bill. They usually go unnoticed because they operate in the background. This means SMS Trojans can stay under the radar for an extended period, unbeknownst to the owner or user of a phone.


The goal is to make money. That can be achieved by stealing the victim’s online account credentials or signing them up for premium paid subscriptions without their knowledge or consent.

Common infection ways

SMS Trojans can enter a mobile phone when an app containing malicious code is installed. Below is a list of common ways to infect SMS Trojans:

  • Apps with fake download links
  • Malicious apps with fake names
  • Legitimate apps recompiled with malicious code.

Malicious apps can be downloaded from a website or a third-party app store. The websites are set up to spread Trojans. They’re also known as Trojan downloaders. After a malicious app is installed, the Trojan hides on your phone and attacks it over time.

Type of SMS Trojans

There are various kinds of SMS Trojans:

  • Faketoken is a fully-fledged banking Trojan dating back to 2014, which makes it a huge cyber threat. But it can also imitate other apps with payment functionalities, like Google Pay—basically, any app that allows Faketoken to steal bank account information. Faketoken mostly messages international phone numbers at the cost of the victim, which means the costs can be quite high. Over the years, Faketoken started sending out bulk offensive messages, which was previously unheard of.
  • Trojan-SMS.AndroidOS.Foncy dates back to September 2011. It sends four text messages to premium phone numbers in Canada and Europe. Here’s how it works: it infects your phone when you download a malicious app that monitors calls and text messages. When you open the app, you receive a notification that it isn’t compatible with the Android version installed on your phone and then depletes your mobile account. Once it has been installed, the file hosting name “SuiConFo.apk” appears on your Android phone’s main menu.
  • SMSFactory makes money by making calls and sending messages to premium-rate phone numbers. Victims are spread across the world—including the US, Spain, France, Russia, Argentina, Brazil, Ukraine, Turney, and more. The SMS content contains the account numbers of the people who intended to receive the money. As you can imagine, victims can incur high costs in the form of phone bills, up to $7 weekly. Another version of the Trojan includes extracting the phone numbers of potential victims from another victim’s phone contacts. SMSFactory is sent through malvertising, website alerts, and push notifications on harmful websites.

Consequences of an SMS Trojan infection

While SMS Trojan horse attacks can go unnoticed, that doesn’t mean they don't have a negative impact on your phone. Here are the implications of an SMS Trojan on Android and iOS devices:

  • Getting billed for expensive SMS services without your consent
  • High phone bills, especially where international numbers are targeted.

How to protect your device from an SMS Trojan

The good news is that you can help protect your phone from SMS Trojans by following our tips below.

Use official app stores

Using official app stores is the most important step in protecting yourself against SMS Trojan attacks. That's because official app stores like Google Play and the App Store offer the security of safe apps that have been vetted and approved for listing.

Disable or limit the use of premium SMS

Given the cybersecurity threat associated with premium SMS, it isn’t worth the risk. Disable these features on your phone and your children’s phones to prevent infection. It’ll help you get a better handle on phone charges. Learn how to prevent smishing attacks as an extra precautionary measure.

Install antivirus on your mobile device

Cybercriminals use malware for tracking and spying purposes, over and above the financial motivation. Antivirus software helps to prevent this by keeping your phone virus-free. Clario AntiSpy offers a reliable Antivirus tool to Android users. It checks your phone for threats regularly and eliminates them.  


For iPhone users, we recommend downloading the Clario AntiSpy desktop version to be able to run an in-depth security scan on your iPhone.  

Be careful

Avoid downloading apps from unverified sources and third-party app stores. Always check the reviews, keeping in mind that some companies pay for good online reviews.


SMS Trojans are just one type of Trojan horse. Learn how to prevent Trojan horse attacks.


Malware is widespread, and SMS Trojans are no different. Consider the financial impact of falling victim to an SMS Trojan attack, not to mention when you catch it after months of infection. Protect your phone from SMS Trojans and other malware attacks by following the tips listed in our guide. Don’t neglect to use Clario’s Antivirus tool to keep viruses at bay and stay protected 24/7.

Keep reading

Keep SMS Trojans out of your phone with Clario’s Antivirus tool.

Get started