Home > Threat descriptions >



Category:  Riskware

Type:  Riskware

Platform:  Android

Aliases:  Riskware:Android/Smspay.variant!Online


This detection from the F-Secure Security Cloud identifies Android apps with code or behavior similar to Riskware:Android/SmsPay. SmsPay variants are typically repackaged or trojanized apps, which are legitimate programs that have been recompiled with additional components and then redistributed.


Automatic action

Once the scan is complete, the F-Secure security product will prompt you to assess the file and choose to Uninstall, Quarantine or keep it installed on your device.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

F-Secure Security Cloud is an online reputation service that provides the latest analysis and reputation rating for programs, files and websites. If a questionable program or file is found during a scan, a query is sent to the Security Cloud to get the most recent reputation rating for it.

Based on the settings of your F-Secure security product, it will then use the information from Security Cloud (and if needed, further analysis) to determine whether to delete, quarantine or block the program or file.

The Security Cloud rating for the identified app indicates that it has code similar to Riskware:Android/SmsPay. SmsPay variants are repackaged legitimate apps that contain an additional module to send and receive SMS messages. While not malicious in itself, such functionality is also commonly misused by Android malware to silently send premium-rate or spam SMS messages.

The app's SMS-sending behavior may result in unexpectedly high phone charges if the user is unaware of the app's capabilities. This behavior may also be legally questionable, depending on the jurisdiction and if it is done without the user's knowledge or consent.

While apps with this behavior may be legitimately used by the device's authorized user, they are classified by security programs as riskware because in the hands of unauthorized users, they can also be used to cause damage to the user's data or the device.

If you are confident that you are aware of the risks involved in using the app and consent to its use, you may choose to keep the app installed on your device.