Careful, the Next Premium SMS Offer You Subscribe to May Be Malicious
Avast recently reported that SMSFactory Android Trojan has affected around 165,000 users worldwide.1 But so far, only a few digital properties have been publicized as indicators of compromise (IoCs).2
If you don’t want to lose as much as US$336 a year to cybercriminals, our detailed threat research materials may be able to help.
Our deep dive into the threat revealed that:
- The threat actors behind SMSFactory Android Trojan typically used newly registered domains (NRDs).
- The domain IoCs resolved to three unique seemingly dedicated IP addresses.
- Close to 200 domains shared the IoCs’ IP addresses, three of which have been dubbed “malicious.”
- Almost half of the possibly connected domains hosted the same content as the three malicious web properties identified.
- Nearly 1,200 domains shared common strings with the IoCs, four of which are already considered malicious.
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
-  https://blog.avast.com/smsfactory-android-trojan
-  https://otx.alienvault.com/pulse/629c7c22660f94c3764f9e6a