Warning from CERT-In.
By Dileep Thekkethil
BENGALURU: The Computer Emergency Response Team of India (CERT-In) has warned all Android smartphone users about the spread of a lethal Trojan virus that could hack into vital information inside smartphones and send anonymous messages to the contacts listed in it without asking for the permission of the user.
The new virus codenamed ‘Android/SMS Send’ reportedly has four different versions that can deceive users and enter inside Android smartphones to unleash its malicious program.
There was special mention about the new Android SMS Send virus in the latest recommendations released by CERT-In. It says “Android/SMS Send is a premium service abuser family malware that arrives bundled with legitimate Android applications and infects Android based smart phones.
“Once infected, it sends text messages (typically with a link to itself or a different threat) to a specific number, typically to numbers on the contact list and is also capable to send SMS to premium rate numbers.”
According to CERT-In, which is a government body under the Ministry of Electronic and Information Technology the SMS Send Trojan, once inside the smartphone, will compromise the IMEI number, device id, device type etc. and can even install spyware applications inside the smartphone without the knowledge of the users.
CERT-In has classified the new virus as one of the most ill-willed applications as it can “steals contacts and pictures, tracks the location, steals passwords, illegally accesses text messages, crashes a complete system, steals personal banking information when logged in, installs other sort of spyware and disables firewall and anti-virus program to defend itself.”
CERT-In also said that the malware is created by making alterations to the code of applications that users generally download and then redistributing it through marketplace or other channels.
The agency has directed uses to follow some counter-measures to safeguard Android phones from getting infected by the new Android/SMS Send Trojan. CERT-In suggests users not to “download and install applications from untrusted sources, install applications downloaded from reputed application market only, run a full system scan on device with mobile security solution or mobile anti-virus solution, check for the permissions required by an application before installing, exercise caution while visiting trusted/untrusted sites for clicking links, install Android updates and patches and use device encryption or encrypting external SD card feature available with most of the android OS (operating system).”
They have also advised users to abstain from using unsecured or unknown Wi-Fi hotspots and practice the habit of taking regular backup of the Android device.