Do not, on pain of Android death, open this text message. A dangerous piece of correspondence, first spotted by Norwegian security firm Heimdal, is said to effectively hand the reigns of your mobile device over to malicious hackers, who can then wipe the phone clean, or worse yet, make calls or texts on your behalf. The message contains a link to an application, and the text itself reads, “You have received a multimedia message from +[country code] [sender number] Follow the link http:www.mmsforyou [.] Net /mms.apk to view the message.”
Immediately thereafter, according to Metro.uk, “The application installs the application Tor and then sends an automated text message to a number in Iran saying, ‘Thank you.’” Truly terrifying.
Heimdal believes that this malicious text has been sent to over 100,000 in Denmark alone, and it is yet unclear as to whether residents of other countries have received the message. That said, there appears to be one small caveat to the text’s effectiveness — if the phone’s language is set to Russian, the dangerous app will not install.
The implications of this sort of uninvited administrator access to your smartphone are serious, Heimdal points out. Given that your phone is used to verify two-factor authentication mechanisms (often considered one of the more secure forms of protection), ceding control of your phone to a hacker can lead to identity theft, and thereafter, property theft.
“Attackers can open a backdoor into Android smartphones, to monitor and control them as they please, [and] read SMS messages,” the security firm says. This means hackers “can also read authentication codes sent as part of two-factor authentication mechanisms, used also by online banking apps and e-commerce websites, and use their full access to Android phones to basically manipulate the device to do whatever they want.”
So what can you do to protect yourself? Don’t set your phone to Russian, first of all (unless you read the language, of course). Instead, Heimdal suggests, “NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security products dedicated to this OS are not nearly as effective as they are on computers.”