Mobile security expert Lookout is warning of a new threat that affects users on Android devices through spam, bulk messaging and foreign banks. The threat is directly associated with a bulk SMS messaging platform called Bazuc. The platform offers users a bonus if they allow the app to access their messaging allowance. There have been over 50,000 downloads as to date. And according to the developer it has been downloaded from 3rd party vendors as well.
They bait users with the idea of getting cash for their unused text message inventory. What this does is allow the malicious people using the app to now send messages that bypass normall mobile spam filters because it looks like it is coming from your phone. And in reality, it is coming from your phone. Bazuc’s authors are basically charging vendors to send malicious emails using your phone number.
These messages have, so far, been directed at American users. But they have originated in Russia, Nigeria, Poland, and Mexico. They have ranged from simple registration requests, to password and PIN code farming.
The real problem occurs in the fact that the messages are open for the owner of the relay to see. This puts banks and other institutions clients at risk.
Bazuc is not considered “malware” due to the fact that is just exploits loopholes in all mobile platforms. If you install this app, you risk all of your personal information being shared with many different people and organizations. It is very easy for this information to fall into the wrong hands.
While Bazuc isn’t breaking any rules, phone users who have downloaded the app and used this feature have definitely suffered the consequences of this “loophole”. And this app, in most cases, breaches the terms of use contract that you sign when you pay for your mobile plan.
Lookout has also brought to light a very good point on their blog stating:
“…we can’t discount the possibility that this network could be used to send illegal messages, and in this case the owner of the phone is likely to find themselves in hot water with the authorities”.
So, the app isn’t breaking any laws, but it might just end with you getting in some trouble in more than one way. Beware of the Bazuc app.