BleepingComputer has discovered a fake SMS app with 100,000 downloads on the Play Store Secretly acts as a message relay for the account creation service On Google, Microsoft, Instagram, Facebook and Telegram.
Infected devices are rented out as “virtual numbers”. To transmit the unique access code used to verify the user when creating new accounts.
Even though the Simu app has an overall rating of 3.4 out of 5, it is true that many users are complaining that Fraud is done by hijacking the phone and generating multiple OTPs (one-time password) upon download.
After installation on the device, application Request access to send and read SMS, On the first screen, the victim is asked to provide their phone number, and thereafter, it is overlaid with a fake loading screen that shows the progress of loading resources.
However, this process takes time, which Allows remote operators to send multiple 2FA SMS texts (two-factor authentication) for creating accounts on various services, reading their content and forwarding it to operators.
When the ‘process is complete’ the app will freeze and It will never reach the promised SMS interfaceTherefore, there are chances that users will uninstall it. At that point, Cymu may have already accessed the Android users’ phone numbers. Create fake accounts on various online platforms,
BleepingComputer adds that the Cymu application was also discovered by Maxime Ingrao (Avina security researcher)Still available on Play Store,
sign up for us News bulletin And get the latest technology news in your inbox.