More than half a million Android smartphones across the U.S. and Europe have been infected by malware distributed by SMS, new research has found. Once the malicious software is installed, it is used to access all of the data stored on your phone that hackers might be interested in — including your text messages, call logs, contacts list, and even your photos.

As a result, security firm Group-IB is warning banks to find new ways of exchanging information with their clients by cellphone.

The malware has infected more than 541,000 devices in total. Hackers send text messages to their victims with seemingly innocent messages that encourage them to visit a link. One method is to invite them to download “a fresh set of photos,” but others attempt to imitate messages from well-established companies.

“The criminals come up with new…social engineering techniques to trick people,” said Nikita Kislitsin, Group-IB’s head of botnet intelligence, during an interview with RT.com. “They try to imitate well-known companies; they try to mimic to software updates to well-known software applications or plugins.”

In Russia, where 90% of banks use SMS messages to “deliver secret codes in order to confirm money payments,” hackers monitor text messages in an effort to establish just how wealthy their victim may be. The bigger your bank balance, the more “interesting” you become, Kislitsin said.

A screenshot released by Group-IB shows the kind of control hackers have over your device once their malware is installed. They can see your telephone number, the model of your smartphone and its operating system, and even its IMEI number. They can also use the application to pull your text messages, call logs, photos, and other personal data.

The worrying thing about this malware is most people don’t know their device has been infected by it until they notice they’re losing money. “General people wouldn’t notice this malware for years because it doesn’t give a sign – any sign – that it’s installed,” Kislitsin explained. “In 95% of cases, people do not install malware by themselves.”

Group-IB believes the only way you can be 100% secure is to use your old phone “from 5-10 years ago,” which isn’t susceptible to the same malware. Alternatively, you can install antivirus software on your Android device to make it safer, Kislitsin advises — and of course, don’t click on links in SMS messages (or any other messages) unless you are completely certain that they are safe.

• ViaRT