Detect Date 09/29/2015
Class Worm
Platform AndroidOS

Self-spreading malware of this family can perform the following actions without the user’s knowledge:

  • Run commands received from a command-and-control server.
  • Make premium-rate phone calls via IP telephony.
  • Attack other IP addresses on the network.
  • Filter SMS messages.

These malicious programs spread independently by sending phishing SMS messages to the user’s entire contact list, with a link to the malware executable file.

Geographical distribution of attacks by the Worm.AndroidOS.Posms family


Geographical distribution of attacks during the period from 31 July 2014 to 3 August 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russia 98.04
2 Ukraine 0.33
3 USA 0.24
4 India 0.18
5 United Kingdom 0.18
6 China 0.15
7 Germany 0.15
8 France 0.09
9 Turkey 0.09
10 Canada 0.06

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware

Find out the statistics of the threats spreading in your region