The 4.2 Jelly Bean version of Android was introduced to users in 2012 with many innovations. However, the SMS application, which was frequently used at that time, sometimes crashed and sometimes showed your messages as if they were not sent. The only way to solve this problem was to use the newly emerging SMS applications at that time. Users solved this problem thanks to third-party SMS applications they downloaded from the Google Play Store.
Since then, many users around the world prefer third-party SMS applications that they know and trust. However, sometimes users who want to try something new can put their phones at great risk.
The application that sends SMS without your knowledge and commits a crime: Symoo
Researcher Maxime Ingrao, who works at Evina company, which provides cyber security services for mobile devices, revealed in a research that the SMS application Symoo is not at all what it seems. According to the data found by Ingrao, Symoo, although it looks like an SMS application from the outside, actually sends SMS to unknown people using your phone. Ingrao states that such applications are often used by hackers and other criminals.
As of today, the application, which has been removed from the Play Store, has already passed 100,000 downloads, even though it was made available on October 18, 2022. In fact, the developer of the application even updated Symoo several times after it was released.
So how does this app work?
From the outside, it looks like a simple and useful SMS application. When you download Symoo, the application asks you to sign up using your phone number and allows you to both send and receive SMS and show you incoming notifications. Due to the functionality of the application, as soon as you allow it, the application goes to a loading screen stating that it is compiling your messages. However, just at this time, the application activates two-step verification services of stolen or fake accounts that do not belong to you on platforms such as Viber, Telegram, Instagram and Google, without your knowledge.
Then you use the application as if nothing has happened, but the people who use these fake accounts are involved in dozens of different illegal jobs through your number and in case of any problems, these accounts begin to be examined. The authorities, who examine the account involved in the crime, find your number in front of them, that is, the pumpkin explodes on your head.
Maxime Ingrao, who reverse-engineered the application, explains that the application is directly connected to one of the fake account sales platforms originating from India, and that this platform provides users with two-step verification services on the platforms they want, for small amounts such as 50 cents.