Immediately thereafter, according to Metro.uk, “The application installs the application Tor and then sends an automated text message to a number in Iran saying, ‘Thank you.’” Truly terrifying.
Heimdal believes that this malicious text has been sent to over 100,000 in Denmark alone, and it is yet unclear as to whether residents of other countries have received the message. That said, there appears to be one small caveat to the text’s effectiveness — if the phone’s language is set to Russian, the dangerous app will not install.
The implications of this sort of uninvited administrator access to your smartphone are serious, Heimdal points out. Given that your phone is used to verify two-factor authentication mechanisms (often considered one of the more secure forms of protection), ceding control of your phone to a hacker can lead to identity theft, and thereafter, property theft.
“Attackers can open a backdoor into Android smartphones, to monitor and control them as they please, [and] read SMS messages,” the security firm says. This means hackers “can also read authentication codes sent as part of two-factor authentication mechanisms, used also by online banking apps and e-commerce websites, and use their full access to Android phones to basically manipulate the device to do whatever they want.”
So what can you do to protect yourself? Don’t set your phone to Russian, first of all (unless you read the language, of course). Instead, Heimdal suggests, “NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security products dedicated to this OS are not nearly as effective as they are on computers.”
Editors' Recommendations
- What they don’t tell you about wearing a camera on your face
- Don’t update your Google Pixel phone — you might break it
- No, you really don’t need Google Assistant on your smartwatch
- Don’t buy the Pixel Tablet; get this cheaper Android tablet instead
- Why I don’t want to stop using the brilliant (but risky) Pixel 7 Pro
