fake SMS app Symoo
Crypto Trends & News

They discover a malicious SMS-sending app in the Google Play Store that steals your mobile number

The app secretly acts as a message relay for an account creation service.


Fake SMS App ‘Symoo’ Uncovered in Google Play Store – A Mobile Number Theft Scheme Revealed

BleepingComputer has discovered a fake SMS app with 100,000 downloads on the Play Store that secretly acts as a message relay for an account creation service on Google, Microsoft, Instagram, Facebook, and Telegram.

Infected devices are rented as “virtual numbers” to transmit a unique passcode that is used to verify a user while creating new accounts.

Even though the Symoo app has an overall rating of 3.4 out of 5, many users are indeed complaining that it is fraudulent by hijacking phones and generating multiple OTPs (one-time passwords) when downloaded.

After installation on the device, the app requests access to send and read SMS. On the first screen, the victim is asked to provide her phone number, and after that, it is overlaid with a fake loading screen that supposedly shows the progress of loading resources.

However, this process is prolonged, allowing remote operators to send multiple 2FA (two-factor authentication) SMS texts to create accounts on various services, read their content, and forward it to operators.

When the process is ‘completed’, the app will freeze and will never reach the promised SMS interface, therefore there is a chance that users will uninstall it. At that point, Symoo will have already used Android users’ phone numbers to create fake accounts on various online platforms.

BleepingComputer adds that the Symoo app was discovered by Maxime Ingrao (security researcher at Evina), and is still available on the Play Store.

    Leave a Reply

    Your email address will not be published. Required fields are marked *