A malicious Android app called Symoo, found on the Google Play Store, has been hijacking devices and gaining unauthorized access to subscribe and make payments to other apps and games. Researchers from Evina published a report highlighting that the app showed at the top of the Google Play Store and ranked in the number one position. So far, the most affected victims are in India, followed by Pakistan, Algeria, and Morocco.
Details about the Symoo app
Over 100,000 Indians have downloaded this app while looking for a credible messaging service besides other services such as WhatsApp. However, the Symoo app carries out several functions in the background without the knowledge of the device owner. Symoo advertises itself as a messaging app and ranks in the first position in several countries. This is likely why it has been downloaded by unsuspecting users, with Pakistan showing 9000 installs, Algeria 3000, and Morocco 1000.
The malicious activities by the Symoo app
The Symoo app shows nearly no activity on the screen while the user is playing a game or accessing another app. It gains access to the phone number and copies messages, including the one-time passwords meant to be viewed only by the legitimate user. In this way, the Symoo app has been used as a service by several cybercriminals to launch cyberattacks and increase its reach on the targeted devices. It has been making payments to other apps and games while earning a commission on them.
The malware used in Symoo, which has a rating of 3.4, works in the background with a fake app loading screen on top. It conducts its malicious activities in seconds and then freezes as needed. Several users have complained about it, and the researchers have reached out to Google to address this spam service. However, no reply has been received. A major concern is that this app breaks the barrier of multifactor authentication, as it can copy one-time passwords and send them to servers managed by cybercriminals.
Cybercriminals have also used this capability to create several illegal accounts on social media apps such as Viber, Twitter, Google, Facebook, and Telegram by taking the passwords that reach the messaging service on the device. Cybercriminals have been known to buy fake accounts for other malicious activities and to remain anonymous, which helps them avoid appearing suspicious or being detected. They can buy phone numbers based on the location of the first hacked phone number. Some of the countries targeted in this way include Colombia, Tanzania, Egypt, and Nepal.
Image showing the Symoo app on the Play Store and the app accessing the message service to create fake accounts (Source: Evina)