There are plenty of malicious apps and bugs out there that are capable of doing irreparable harm to mobile devices, regardless of operating system. Only a few days ago, a strange “1970” bug capable of bricking iPhones was discovered, but Apple says that it’s going to fix it in a future update. On the other side of the aisle, researchers have found a new Android malware threat that can affect any device and it uses only a simple text message to destroy your phone’s security.
Experts from Heimdal found a text message that tells receivers that they have an MMS message from an unknown contact. The message includes a link where the receiver can view the message, but it’s actually a link to an app.
This is what such a malicious message would look like: “You have received a multimedia message from +[country code] [sender number] Follow the link http:www.mmsforyou [.] Net /mms.apk to view the message.”
Clicking on this link will install the official Tor app onto your phone, which allows hackers to gain access to your phone. Furthermore, a message to a number in Iran is also automatically sent from your number, with the words “Thank you” in it.
From there, Yahoo reports, hackers can erase the device, send SMS messages and make calls. The backdoor can be used to spy on phone owners, and even break two-factor authentication. Thus, hackers could target someone with such messages to steal access to online banking apps and credentials for other websites.
What can you do to avoid it?
“First of all, NEVER click on links in SMS or MMS messages on your phone. Android phones are notoriously vulnerable and current security product dedicated to this OS are not nearly as effective as they are on computers,” Heimdal says.
If you think you may have inadvertently clicked on one of these malicious links, then make sure you change passwords to all your services and consider having your phone inspected and reflashed by a security expert.