AdaptiveMobile uncovered one of the single largest messaging-initiated mobile malware outbreaks.
The malware, dubbed Gazon, which uses victims’ mobile phone contacts to propagate, sends messages to their contacts linking to offers for spoof Amazon vouchers, which when opened, installs malware to their Android device.
The attack, which went live on the 25th February and originated in the US, has infected thousands of mobile devices in more than 30 countries around the world, including Canada, UK, France, India, Korea, Mexico, Australia and the Philippines.
So far the attack has generated more than 16,000 click-throughs across multiple channels including Facebook and email, but has SMS as the primary channel for distribution accounting for over 99% of the malicious messages.
“By using the victims’ own contacts, the attack exploits peoples’ inherent trust when receiving messages from one of their own contacts. The speed with which this was able to spread round the globe shows how attackers are using mobile messaging as one of the most effective methods of distributing malware and achieving rapid global reach,” said Simeon Coney, SVP Security Practice, AdaptiveMobile.