This is the case of a new app for devices Android related to sending messages SMS to other smartphones, which currently has more than 100,000 downloads and which uses people’s phone numbers to open accounts in different services on-line.
Symoo, as the free download platform is called, describes itself as a app of messages SMS “Easy to use”. However, what it actually does is generate messages of authentication to achieve the unauthorized creation by the user of profiles in Google, instagram, Telegram Y Facebook.
How Syppo works
The platform, which has already been withdrawn from the store Google Play Storerequested a permission to access messages SMS to be able to manage them within the device.
However, its true purpose was to generate multiple one-time passwords, as well as access keys. authentication factors used for profiling in other social networks and online services.
According to the research team of the company cybersecurity Evina, who was in charge of carrying out the report of the application before Googleindicated that prior to its withdrawal from the application store, Symoo had a qualification in the platform of downloads with a rating of 3.4 out of 5 and a wide variety of reviews negative.
The procedure platform to steal the data of users was as follows: once the person accepted the application’s request for permission to read and manage the messagesyou must provide a number of telephone Of the device.
At the end of this step, the team evina indicates that a screen of false uploading to users that actually serves to give cybercriminals, who operate this application remotely, enough time to read each SMS and generate messages authentication of two factors as part of the registration process in other services.
According to the security company, the numbers of telephone of users become “numbers virtual” that can be rented by external actors and the inbox of SMS becomes filled with confirmation messages for the creation of accounts on other websites not authorized by the original user of the device.
Once the registration process in these accounts unauthorized external sources, the application freezes and stops working properly so the users affected can proceed to uninstall it, but this does not eliminate the accounts generated by the cybercriminals using their data personal extracted
Even with the absence of this malicious platform in the Google Play Store, it is recommended that users do not download applications with a low number of stars in the reviews. In addition, it is preferable that a review of the comments negatives registered in the store of applications to know the reason for the low preference by other people.
On the other hand, it is also not recommended for users to download Applications related to functions already possessed by the smartphone on your own without spending data or storage within device.