VirusRiskware/InfiniteSms!Android
Analysis
Riskware/InfiniteSMS!Android is a riskware targetting Android mobile phones.
Once launched, the application sets the value of the SMS messages that can be sent from the phone to a very high value and can hence allow the user to send out a number of SMS messages from his/her phone.
Technical Details
The application comes in the form of packages 'com.dylanmtaylor.infinitesms' under the name 'InfiniteSMS' (refer Fig 1)
Fig1. Application icon
Once launched, the user is asked for a confirmation to remove the SMS sending limit on the phone (refer Fig 2)
Fig2. SMS limit removal confirmation
If the user agrees, the application checks if the phone is rooted. If yes, the user is asked for yet another confirmation to remove the SMS limit (refer Fig 3)
Fig 3. Second confirmation
If the user agrees, the value of 'sms_outgoing_check_max_count' in the phone's settings (stored in the database '/data/data/com.android.providers.settings/databases/settings.db') is set to 999999999 and the phone is rebooted.
Thereafter, a large number of SMS messages can be sent from the phone without a warning notification displayed on the phone.
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extended | |
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor |