SMS-controlled Android malware records calls

Researchers at NQ Mobile Security have discovered a new piece of Android malware that receives instructions, i.e. is controlled, via SMS.

Dubbed TigerBot, the Trojan hides by not showing any icon on the home screen and takes the names and icons of popular and common Google and Adobe apps like “Flash” or “System” in order to blend in with the legitimate apps installed on the phone.

“In order to receive remote commands, it registers a receiver with a high priority to listen to the intent with action ‘android.provider.Telephony.SMS_RECEIVED’,” point out the researchers. “As a result, it can receive and intercept incoming SMS messages before others with lower priorities.”

The capabilities of the malware include: recording phone calls, changing network settings, uploading the current GPS location, capturing and uploading images, sending text messages to a particular number (but, it seems, not a premium service one), rebooting the phone and killing other running processes. Still, not all the actions are always effective.

So far, the Trojan hasn’t been detected being offered on Google Play (the former Google’s Android Market), but only on third-party online marketplaces.

The researchers urge users to always be careful when downloading new apps.

“Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading,” they say.




Share this