The Ztorg Trojan malware has been known as a rooting malware, infecting a device and gaining root access to exploit the information available within. Now Kaspersky Labs has discovered a new mutation of the Ztorg malware, and it embeds into your device to do malicious stuff with your SMS messaging system.
This new strand of the Ztorg Trojan is officially known as Trojan-SMS.AndroidOS.Ztorg.a, and it was predominantly found in two apps which were available via the Google Play Store. The first malicious app, called “Magic browser” was uploaded to Google Play on May 15, 2017 and was installed more than 50,000 times. The second app, called “Noise Detector”, was installed more than 10,000 times. Kaspersky has already reported these to Google and the offending apps have been removed.
What does this new Ztorg malware do? This Trojan-SMS can send premium rate SMS and delete incoming SMS. Once installed, the malware will contact its C&C server to get instructions. Through WAP billing, the Trojan can charge the user’s mobile account in the form of illegal subscriptions.
We’re happy that these apps are now gone, but as a user, you still have to be vigilant in installing apps that you either don’t need, or ask for suspicious looking permissions. Better to be safe than sorry and have your mobile account charged for hundreds of dollars in WAP billings.
SOURCE: Kaspersky Labs