Android Alert: Selfmite spams all your contacts through SMS

Texters beware: there’s a new variant of the Selfmite Android malware that aggressively circulates through SMS. Unlike earlier incarnations, however, Selfmite is now able to spam every single person in your contacts list through SMS messaging, in a continuous loop. This means that if you become infected, and you don’t have unlimited SMS messaging as part of your monthly plan, you could end up footing a very large bill.

How does Selfmite get on your Android?

Selfmite is an Android worm that spreads through spam. Though its origin is unknown, the malware is now spreading through malicious shortlinks sent from one infected Android to another uninfected Android. If an uninfected user clicks on a received link, they are brought to a website that asks them to download an APK file. This file is Selfmite, and if you proceed with installation you will become infected.

What happens when you’re infected?

Once a device is infected by Selfmite, it will automatically begin to spam every single person in the device’s contact list with links to download the malware, and it will continue to do so in a loop. Reports indicate that, on average, infected devices send about 1,500 Selfmite messages. In addition to worming itself among your friends, the malware also installs two new icons on your home screen. Both icons lead to websites of legitimate pay-per-install products. If you go to one of these sites and install an app, the distributors of Selfmite make a small profit. Ultimately, this small profit multiplied by 1000s of infected users is what Selfmite’s authors are after.

How can I keep my Android Selfmite-free?

Selfmite currently has a global reach. The original shortlinks that were used in its spam were created using GoDaddy’s x.co shortener, however GoDaddy has become aware of this abuse and has disabled the malicious links that were in use. This latest variant of Selfmite is flexible, though. Spammed links can be changed remotely through a configuration file, at any time. This means that Selfmite is still an active threat.

To avoid infection, avoid clicking on mysterious shortlinks received through SMS. In general, it is also good practice to avoid installing any APK that comes from an unknown source, such as the one proffered by Selfmite. If you believe you have become infected by Selfmite, please don’t hesitate to contact Emsisoft Support. As a courtesy to your contacts, you may also want to consider turning off your device until malware removal begins, or at least warn your friends of incoming spam.

Users running Emsisoft Mobile Security are automatically protected from this threat.

Have a great (mite-free) day!

For more information on Selfmite, see this article from PCWorld.