Researchers recently discovered a malicious Android application that turns the devices into SMS relays used to verify various accounts on the internet.
At press time, the app has more than 100,000 downloads on the Google Play Store, and can still be downloaded.
Oftentimes, when people create online accounts, they need to verify their identities via their mobile phones and confirm they’re not bots or users spamming account creation. Users share their phone numbers and are sent a one-time passcode (OTP) which verify their identity.