Detect Date 09/29/2015
Class Hoax
Platform Win32

Malware in this family is distributed as a password-protected archive. To extract files from the archive, the program asks the user to send an SMS message to a premium number. After the SMS message is sent, one of three things generally happens: nothing happens, the archive contents are something other than what was claimed, or the archive is expanded to reveal software that is distributed for free.

These hoax programs are fraudulent but are not harmful by themselves and do not perform any destructive actions on the user’s computer.

Geographical distribution of attacks by the Hoax.Win32.ArchSMS family


Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of attacked users*
1 Russia 63.17
2 China 12.37
3 Ukraine 5.22
4 Kazakhstan 3.99
5 USA 2.09
6 Germany 1.86
7 Belarus 1.73
8 France 0.91
9 India 0.60
10 Azerbaijan 0.51

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware


Find out the statistics of the threats spreading in your region