[SingCERT] Malicious SMS

Published on Monday, 24 November 2014 19:54

[ Background ]

SingCERT has received reports of individuals receiving an SMS message from their contacts.

The content of the SMS is:

<Name> Is this your photo?
<Shortened link>


[ Impact ]

When a user clicks on the link, the user may be prompted to install an app.

If they do so, malware will be downloaded and installed on their phones.

The malware accesses the user’s address book and sends a similar SMS to the user’s contacts.


[ Affected Systems ]

  • Android


[ Recommendations ]

  • Delete the SMS immediately if such an SMS is received.
  • Never click on suspicious links.
  • Uninstall the app, called the PhotoViewer, from infected phones and delete the Android Application Package (APK) file from the Downloads folder, which could be accessed from the browser’s settings page.
  • Download and install apps from the official sources (e.g. iTunes store, Android Play Store).
  • Disable the installation of apps from unknown sources (Settings > Security > uncheck Unknown sources box).

Users may refer to GoSafeOnline for more information to secure their mobile phones.