Trojan-SMS.AndroidOS.FakeInst.ef actually targets users in 66 countries, but has finally landed on US shores. According to Kaspersky, FakeInst disguises itself as an application for watching porn videos, and is capable of sending messages to premium-rate numbers. Once installed on the phone, the trojan can intercept incoming messages and then perform various actions, including stealing messages, deleting them or even responding to them.
As well as sending unauthorized text messages that cost around $2 each, the trojan can send an SMS from an infected device with a preset text to a number specified in a command and intercept incoming messages.
“The geographical spread of SMS Trojans has significantly widened in recent times,” said Roman Unuchek, senior malware analyst at Kaspersky Lab, in an emailed comment. “Two years ago, it was unusual to see this sort of malware outside the CIS, but by the beginning of 2014, users in 66 countries had encountered the Trojan AndroidOS.FakeInst.ef, including in North and South America as well as Europe.”
FakeInst was detected by Kaspersky Lab back in February 2013, originating from the Russian underground. Since then, 14 different versions of it have emerged. The earlier versions were only capable of sending messages to premium-rate numbers in Russia. But by mid-2013 other countries appeared on the “support list.” Most Trojan-SMS.AndroidOS.FakeInst.ef infections were in Russia and Canada.
Unuchek added, “It appears that the cybercriminals have built up sufficient resources to expand their illegal business on a global scale.”