The problem of inadequate security and vulnerability on the Android platform has been dogging the minds of analysts and followers of this platform for some time now. Right from the time Avast made its disclosure about the ‘factory reset’ not being effective and data retrieval from used phones was possible, Google has been trying to tighten up security on this flexible platform.
Discovery of the SmsPay
It is therefore with some worry that the flagging of a mysterious app called the ‘SmsPay’ is being reported and users are being asked to be cautious. There is sufficient indication this app can actually be malicious and is certainly not what it appears to be.
Origin and its impact
This app has been traced to Russian servers but has its impact on any user of the Android platform. It is a modified version of the Go Launcher which is perfectly safe and available as a legitimate version on the Google Play Store. The similarity however ends there. The SmsPay has some extras that users would not want. As per Malwarebytes, this app links to many pay-per-install applications automatically. That would benefit the developer of SmsPay every time somebody installs any of the apps he or she has been directed to.
The issue with PUPs or Potentially Unwanted Programs
This app falls under the category of PUPs. They may not cause a lot of harm but are definitely not useful to the user. It is also pretty disturbing as it can send as well as receive text messages and since typically malware creators make use of premium short codes, the victims end up paying their SMS bills.
These apps also intercept SMS and send out junk messages. Apps that trap SMS messages are also referred to as ‘banking Trojans’ and they are typically used to steal money of the user. The SmsPay thankfully does not do any of these things but that by itself is no reason to tolerate it on your mobile.
Shifty app with a different installer
This app is shifty in the sense that its installing mechanism is different and gets installed as per the browser used by the victim. The creators have been quite deceptive in naming it as Internet Explorer or Flappy Bird so as not to give the victim any inkling of the malicious intent of the app. Moreover, the creators keep using redirections to lure victims to the app and that is surely a deceptive practice.
How to keep away from this mess
The good part is that it is not difficult to keep the app away from your mobile. Usually, Android devices allow sideloading or the downloading of an app from a source different from the Google Play Store and this is turned off as a default setting. Should anybody try to install any app on your mobile, a warning is displayed and that will enable you to make the required changes to the settings. The advice is to download apps only from the Google Play Store so that you can keep these pesky apps from invading your mobile.