Thursday, February 2, 2023

Play app with 100,000 downloads started to forward texts to developer server


Google removed two apps, one with more than 100,000 downloads, after receiving a tip that they were part of an illegal scheme that surreptitiously forwarded text messages used to create fraudulent accounts on third-party websites.

The first application, called Symoo, presented itself as an easy-to-use SMS messenger. Once installed, it would ask for the user’s phone number and pretend to load the app. The app would crash on the screen while, in the background, it copied all incoming texts and sent them to goomy[.]fun, a developer-controlled website.

The screen would freeze indefinitely, so eventually many users would likely force-quit the app and uninstall it. During the time Symoo was running, however, the developer would use the number for a paid service that would register fake accounts on websites that required SMS verifications. While the app was running, the service would register accounts using the infected phone number and copy the verification code returned by the website. In addition to sending texts associated with creating the fake account, Symoo forwarded all texts the infected phone received from other parties.

Symoo’s developer has links to a person behind another app called ActivationPW. ActivationPW worked through activation[.]pw, a website that allows people to buy accounts created with infected phones.

On Tuesday, about 12 hours after a security researcher posted their findings, Google finally removed Symoo and ActivationPW from its Play Store. The company also deleted the developer’s Play account.

A search on VirusTotal showed that goomy[.]fun was used by a Play application called VirtualNumber. It was created by the same person behind and, like Symoo, provided a way to create fake accounts using infected phones.

The developer of the VirtualNumber application is the same person who created ActivationPW, an application downloaded over 10,000 times and advertised as offering online numbers from over 200 countries.

Many sites require people who sign up for an account to provide a phone number that can receive SMS texts. The account cannot be created until the user copies a verification code sent to the phone. People looking to create accounts for bot use or fraud purposes often turn to services like ActivationPW to get around this requirement.

Anyone who has installed any of these apps should check their phones to ensure the apps have been deleted. They should also be aware that all the texts they received while the apps were open were forwarded to a server involved in illegal activities.
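
For defenders who want to know whether any device on their network contacted the two domains named above, this added example (not from the article or the researcher) matches DNS query names against goomy[.]fun and activation[.]pw on label boundaries, so lookalike names are not flagged. The log format, IP addresses, timestamps and the `api` subdomain are constructed for illustration.

```python
import re

# Indicators exactly as the article prints them (defanged).
DEFANGED_IOCS = ["goomy[.]fun", "activation[.]pw"]

def refang(indicator):
    """Turn a defanged domain such as 'goomy[.]fun' into a matchable name."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()

IOC_DOMAINS = {refang(i) for i in DEFANGED_IOCS}

def matched_ioc(qname):
    """Return the IoC domain that qname equals or is a subdomain of, else None."""
    labels = qname.strip().rstrip(".").lower().split(".")
    # Compare every suffix on a label boundary so 'notgoomy.fun' and
    # 'goomy.fun.example.com' do not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IOC_DOMAINS:
            return candidate
    return None

# Assumed (constructed) log format: "<timestamp> <client-ip> query <qname> <type>"
LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")

def find_hits(log_lines):
    """Return (timestamp, client, qname, ioc) for each query to an IoC domain."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not query records
        ts, client, qname, _qtype = m.groups()
        ioc = matched_ioc(qname)
        if ioc:
            hits.append((ts, client, qname, ioc))
    return hits

# Constructed sample data (not real traffic).
SAMPLE_LOG = [
    "2023-01-30T10:02:11Z 192.0.2.10 query api.GOOMY.fun. A",
    "2023-01-30T10:02:15Z 192.0.2.11 query notgoomy.fun A",
    "2023-01-30T10:03:40Z 192.0.2.10 query activation.pw AAAA",
    "2023-01-30T10:04:02Z 192.0.2.12 query goomy.fun.example.com A",
    "resolver restarted",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```
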


