Premium SMS Could Be Malicious | WhoisXML API


Careful, the Next Premium SMS Offer You Subscribe to May Be Malicious

Avast recently reported that the SMSFactory Android Trojan has affected around 165,000 users worldwide. [1] But so far, only a few digital properties have been publicized as indicators of compromise (IoCs). [2]

If you don’t want to lose as much as US$336 a year to cybercriminals, our detailed threat research materials may be able to help.

Our deep dive into the threat revealed that:

  • The threat actors behind the SMSFactory Android Trojan typically used newly registered domains (NRDs).
  • The domain IoCs resolved to three unique, seemingly dedicated IP addresses.
  • Close to 200 domains shared the IoCs’ IP addresses, three of which have been dubbed “malicious.”
  • Almost half of the possibly connected domains hosted the same content as the three malicious web properties identified.
  • Nearly 1,200 domains shared common strings with the IoCs, four of which are already considered malicious.

Download a sample of the threat research materials now or contact us to access the complete set of research materials.


  • [1]
  • [2]