History doesn't repeat itself, but it rhymes: back when the Internet was still new, email fairly rare, and screensavers genuinely necessary to prevent pattern burn-ins from damaging old-fashioned CRT screens, many of the earliest computer virus/malware epidemics were spread via infected screensaver offerings.
When mobile (though not necessarily “smart”) phones started getting big, malware writers used the lure of free decorative “wallpaper” to spread their unwanted products.
And now that smartphone or mobile device apps are the big thing, of course malware writers are working through third-party home screen apps, because – really, who expected anything different this time?
New phishing scam
Today, security researchers at Cheetah Mobile announced the discovery of a new phishing scam which takes advantage of vulnerabilities in various third-party homescreen apps for Android devices:
...many homescreen applications contain potential safety threats. These apps will treat fake SMS messages, such as those sent by hackers, the same as common SMS messages and present them to the user for viewing. This kind of behavior is great for hackers as it means their SMS messages will be easily read and users will fall for them.
The bulk of this security threat comes from third-party home screen applications:
If your Android system is lower than version 4.4, then you may have heard of the ‘Fake SMS’ Leak, which is where this potential threat comes from. When user turns on the homescreen application, it will take over the SMS inbox and help organize your messages. Therefore it does not have the same kind of security safeguards as the regular inbox, and fake messages may be pushed as normal messages.
Cheetah Mobile posted lists of affected systems and affected applications here.
Of course, if your Android is a version more recent than 4.4 you probably have nothing to worry about, but f you use an older version, check your systems and applications against this list, and update them as necessary.