Malware in this family is distributed as a password-protected archive. To extract files from the archive, the program asks the user to send an SMS message to a premium number. After the SMS message is sent, one of three things generally happens: nothing happens, the archive contents are something other than what was claimed, or the archive is expanded to reveal software that is distributed for free.
These hoax programs are fraudulent but are not harmful by themselves and do not perform any destructive actions on the user’s computer.
Geographical distribution of attacks by the Hoax.Win32.ArchSMS family
Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide who were attacked by this malware