Android users, beware! Text message stealing malware is targeting smartphones to gain access to users' data

A sprawling SMS stealer campaign is utilizing Telegram bots and fake app ads to gain access to Android devices.
By Matt Binder  on 
Android logo on smartphone
A growing malware campaign is targeting Android users and gaining access to their SMS messages. Credit: Idrees Abbas/SOPA Images/LightRocket via Getty Images

A new malware campaign has just been outed and it's targeting Android devices in the sneakiest of ways.

According to a new report from ZLabs researchers at the mobile security company Zimperium, there's a massive SMS stealer campaign spreading across the globe that's gaining access to Android users' devices and stealing their sensitive information before sending it to bad actors for financial gain.

How are they doing this? By tricking users with fake app download pages or through Telegram bots that provide false promises of free Android apps.

A massive SMS stealer campaign

The hackers' initial encounter with a potential victim begins mostly in one of two ways.

Some victims were served with a fake app advertisement on a malicious webpage. Users who are tricked by the ads are taken to a page that mimics a legitimate Android app download link. The software, of course, isn't the advertised app. Instead, It's malware that prompts users to inadvertently give it permission to read their SMS messages.

Another way the SMS stealer campaign is targeting victims is through Telegram bots. Zimerium researchers say it discovered "roughly 2,600 Telegram bots" that lured victims into believing they were being offered pirated Android apps for free. Victims would be asked for their phone number in return for the app. However, the downloads they actually receive are "unique malicious applications disguised as legitimate APKs."

Mashable Light Speed
Want more out-of-this world tech, space and science stories?
Sign up for Mashable's weekly Light Speed newsletter.
By signing up you agree to our Terms of Use and Privacy Policy.
Thanks for signing up!

Once these bad actors gain access to the device, they're able to use the victim's personal data for financial gain. The text message access of this malware campaign is especially heinous. It potentially provides these malicious actors with OTPs, or one-time passwords, that are often required by banks and other financial institutions to verify a user's access.

Zimperium researchers say that they have been tracking this SMS stealer campaign for nearly two and a half years. Over that time period, researchers say they have seen "over 107,000 malware samples" connected to the campaign, showing how the bad actors behind this malicious software have been constantly updating their campaign so it stays effective.

And it seems like these hackers have found success.

Researchers claim that the SMS stealer campaign has claimed victims in 113 countries. The majority of the victims appear to be in India and Russia. However, there are also a significant number of victims in Brazil, Mexico, the United States, Ukraine, and Spain.

Android users should be aware of this malicious campaign and beware of any download links promising free app downloads. 

In a statement provided to Mashable, a Google spokesperson recommended that Android users utilized its Google Play Protect feature to avoid malware infecting their device.

"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services," said the Google spokesperson. "Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

UPDATE: Aug. 2, 2024, 4:23 p.m. EDT This piece has been updated to include a statement from Google.


Recommended For You
Beware of AI tools being advertised on Facebook. They could be malware in disguise.
Facebook logo

What is text pesting? A third of young women experience this type of harassment
A woman holds a smartphone in her hands.


Nearly a quarter of iPhone users say green bubbles are a dating dealbreaker, new survey reveals
Green bubbles in texting conversation

I tried on the new large Pixel Watch 3 and it's stunning — just beware of this one thing
Woman wearing Pixel Watch 3

Trending on Mashable
Wordle today: Answer, hints for October 11
a phone displaying Wordle

NYT Connections today: Hints and answers for October 11
A phone displaying the New York Times game 'Connections.'

NYT Connections today: Hints and answers for October 10
A phone displaying the New York Times game 'Connections.'

Astronomers just found a galaxy way too advanced for its time
Galaxy forming in the early universe

'The Platform 2's twisty ending, explained
A close-up of a topless, bald man holding a lit lighter.
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!