Security announcement about activating value added services

The unknown applications which are not authorized by MCI are installed by the subscriber, regardless of the source. After installing mentioned applications, promotional text messages that contain a download link to activate the value-added service  are sent into subscriber's cell phone. In this process, the management of phone text messages is granted by subscriber to the application. At this point, the program starts its main activity and without prior notifications to the subscriber messages are sent in order to activate the value-added services. The program eliminates the history of text messages by using the possibility of deleting SMS messages and eventually the subscriber remains unaware.

  •  Temporary solution (useful measures):
  •  Subscribers must be aware about programs that  are sent their links via SMS and after ensuring that the programs are authentic and intended, install them.
  •  Subscribers will promptly notify the number 9990 if they see any additional costs due to the activation of value added services without their knowledge of mobile bills.
  •  Do not click on anonymous or suspicious links, such links may contain malicious code that can infect mobile phones. Advisory about mobile's malware is published in the MCI-CERT's website. Please refer to the following link:

        https://www.mci.ir/web/en/cert/common_mobile_malwares_en

  •  knowledge of subscribers must be augmented in the field of social engineering (Do not download suspicious and invalid programs).
  •  Please refer to the following link about social engineering attacks:

        https://www.mci.ir/web/en/cert/social_engineering_en

  •  Installing applications from unknown resources must not be allowed. It is strongly recommended to install apps from reputable and most well-known stores .such as Google Play for android and App Store for iOS.
  •  Use up-to-date and valid anti-viruses on mobile phones.
  •  When installing the program (even from official websites), pay attention to the level of requested permission when installing applications.
  • Check the subscriber feedback section about installed programs before installing the program.
  •  solution:
  •  The suspicious or infected phone must be always scanned and cleaned by the aim of authentic and up to date antivirus applications.
  •  Although the installation of anti-malware on the mobile phone is strongly recommended, however, none of them, guarantees %100 against malwares.Nevertheless, by installing such tools and regularly updating them, most of the malwares are thwarted effectively.
  •  Always update the phone. By updating the phone, many patches can be patched, as many of these vulnerabilities are fixed by Apple, Google, and firmware makers and upgrade equipment.