Symantec Security Response | Spammers Getting Cheeky with "X-Ray vision" Apps to Lure Victims

Ever heard of an app that allows X-Ray vision through clothes?

The Symantec Response Team recently monitored a malicious app known as Android.Uracto that sends spam messages by SMS to phone numbers stored in the device’s Contacts. Recipients are easily tricked because the invitation to download the app is coming from someone they know rather than from an unknown sender.

The site (shown in the figure below) where the link takes the user to introduces an app called “Infrared X-Ray” that supposedly allows the user to see through clothes when viewed through the device’s camera and of course also allows pictures to be taken. Not surprisingly, the app does not work. However, once executed, details stored in the device’s Contacts are uploaded to a predetermined server.

Further investigations conducted by Symantec has led to the discovery of ten similar apps developed by the same group of spammers. The servers hosting the domains appear to be located in Singapore and in Georgia in the United States.

Though the apps look different in appearance, they can categorised into three main variants:

1.     Steals data stored in the device’s Contacts.

2.     Steals contact details but also sends SMS messages, containing a link to download the malicious app, to all the contacts.

3.     Steals contact details and attempts to scam the victim into paying for fake services.

For more information, please proceed to the following Symantec Security Response blog posts:
·         Android Malware Spams Victim’s Contacts
·         Android.Uracto Used to Trick Mothers, Anime Fans, Gamers, and More

To stay updated on cyber security threats such as the above, follow us at @SymantecASEAN.

Symantec advises users to refrain from clicking links found in messages such as emails and SMS messages from unknown senders as well as suspicious messages from known senders. Furthermore, only download apps from trustworthy vendors. Users who have installed one of Symantec’s security apps, Norton Mobile Security or Symantec Mobile Security, are protected from this threat, which is detected as Android.Uracto. For more general safety tips for smartphones and tablets, please visit our Mobile Security website.