Wontok SafeCentral Malware Bulletin
19 May 2015
Malware Family: Android.Riskware.SMSPay
Android Riskware SMSPay is mobile malware that mimics a legitimate application and requires an activation fee through SMS messaging. The potentially unwanted application or PUP also has capabilities to launch other pay-per-install applications loaded in the app once it is activated requiring pay-per-install payment transactions.
Wontok Lab Results
We observed that Wontok SafeCentral Mobile Security’s On Access and On Demand engines properly detect and remediate the malware which prevents the unwanted SMS Payments by uninstalling/deleting this malware.
Android.Riskware.SMSPay often disguises itself as a legitimate app and includes links to several pay-per-install apps the creator of SMSPay will receive payment for each time the mobile user installs one of the apps. Android.Riskware.SMSPay has been around for some time, having been first reported around 2011 and then more recently in July 2014 with Go Launcher. Nuisanceware is not likely to go away as it is prevalent in geo-regions where app stores are not regulated and newer variants have recently emerged in China copying payment and online banking applications.
About Wontok Lab
Wontok Lab is Wontok’s product test facility that consists of a team of security researchers in a controlled analysis and testing environment. Wontok Lab conducts rigorous tests specifically designed and tailored for each of Wontok’s security products.
About Wontok SafeCentral Security Solutions
With operations in the United States, Europe and Asia-Pacific, Wontok brings proven remote access and endpoint security solutions to market. Wontok designed the SafeCentral solutions to be effective against advanced malware threats on the desktop and mobile devices. SafeCentral Security Solutions includes SafeDesktop, Mobile Security, and Security Suite, all of which can be delivered via partner owned platforms or via the Wontok ONE Cloud-based VAS service delivery platform.