Back in June, a nifty little worm hit Android. It went by the name of Selfmite, and once a phone was infected, it would send text messages to the first 20 entries in the phone’s address book. The text message invited the user’s friends to click a link, which would then download Selfmite to their phones, and so on.
The goal of Selfmite was to generate revenue for its creators by installing apps on the phones. The creators were paid for each install of these apps. Originally, the app was Mobogenie, which is a legitimate app and presumably was not aware it was part of a worm infecting Android devices. Ultimately, Selfmite was defeated in a very simple way: the worm used goo.gl shortened URLs, and Google simply disabled the links. And one more piece of Android malware came and went.
Not so fast though! Selfmite is back with a new version! This time, Selfmite.b, as it is being called, is quite a bit more… viral. Selfmite.b still spreads the same way: a user receives a text from a contact’s infected phone, inviting them to click a link. The user then has to click the link and allow the download to take place. You’d think that would be enough to kill the worm, wouldn’t you? Why would someone click it? Obviously common sense will stop it from spreading, right? Sadly, no. Within the first 10 days of the discovery of Selfmite.b, a whopping 150,000 text messages were sent from more than 100 infected devices. Selfmite.b operates slightly differently than the original Selfmite.
Selfmite.b does not just message the first 20 people in the address book; it sends messages to every one of the contacts on a loop, sending on average 1,500 messages per infected phone. And the creators of Selfmite.b have done something Android users can’t seem to do: they’ve learned from their mistake. This time, they’ve made it so Selfmite.b periodically downloads a new shortened URL from a third-party server, meaning that when one URL is discovered and taken down, the worm merely moves on to another.
Once again, aren’t you glad you own a BlackBerry?