Fortinet Blog | News and Threat Research

In a previous post, I mentioned the new scheme used by the author of Android/Fakemart to make money. Basically, the trick consisted in infecting phones to silently and automatically register to play an online quizz and then st...

Another Android malware is currently in the wild in France, as we have recently discovered. This malware poses as a Flash Player installer and steals your incoming SMS messages by forwarding them to a remote server. We have na...

While going through our regular (and never-ending) supply of malicious Android samples, we came across an interesting variant a couple of days back. Like most Android Trojans these days, the piece of malware benefits by sending...

Recently, a new trojan named Android/Fakemartcaught our attention as it is operating in France, where our EMEA labs are located. The malware poses as a Winamp Pro application or a Black Market application (Black Market is an a...

A new sample of Zitmo is out, pretending to be an Android Security Suite. Like others in Zitmo, the malware is a SMS spy: it forwards incoming SMS message to a remote server. This particular sample responds to a few basic SMS c...

Denis Maslennikov reported a new SMS trojan, Android/Mania, which emanates from France. This malware hasn’t any outstanding functionality - it silently sends SMS messages to a short number, something we only see too often...

Mobile botnet Android/RootSmart (aka Bmaster) is making substantial amount of money from premium SMS numbers or services, according to Cathal Mullaney’s discovery of a mobile botnet front-end: yes, we had told you so. ...

It doesn’t happen that often altogether that mobile malware specifically come from France and propagate in France. It however seems to be the case this time for an Android malware named Foncy - not that there should be an...

Mark Balanza has spotted a new Android malware, Android/CruseWin.A!tr, which acts as an SMS relay. The malicious application is in contact with a remote C&C from which it gets an XML configuration file which contains the c...

Some time ago, I bumped into a few Android applications which use Airpush. Airpush is an advertisement SDK developers can add to their application to generate some revenue: for every thousand ads displayed via their applicati...

Our analyst, Ruchna Nigam, had been analyzing a sample of SymbOS/InSpirit.A!tr. SMS dropped in the victim’s inbox by SymbOS/InSpirit.A!tr A couple of months ago, this malware received some attention in China (for examp...

During the weekend, in our monitoring of the Zeus botnet, my colleague Kyle Yang stumbled upon an unexpected payload: a brand new mobile malware piece we named SymbOS/Zitmo.A!tr (Zitmo standing for “Zeus In The MObileR...

I had already seen mobile malware SMS messages with a malicious URL inside (e.g SymbOS/Yxes), or MMS messages (e.g SymbOS/Album.A!tr, SymbOS/Beselo!worm…) with a malicious attachment. However I had never noticed a mobile ...

Lately, I have been analyzing a sample of SymbOS/Album.A!tr, another advanced malware targeting mobile phones running Symbian OS 9 and greater. First of all, once more, like SymbOS/Yxes, this malware was “legitimately...

Want to impress friends with eccentric ways to send SMS messages? This article is for you. As a matter of fact - and closer to the official goal - this article can also help analysts spot unexpected SMS sending in malware. SMS...