A new form of Android malware controlled via SMS messages has been discovered and the malware can record
phone calls, upload the device’s GPS location,
Researchers at NQ
Mobile, working alongside researchers at North Carolina State
University, have discovered this Android malware called
"TigerBot", differs from “traditional” malware in that it is controlled
via SMS rather than from a command & control (C&C) server on the
Internet.
A common aspect of Android
malware is the use of a command and control server that tells the
malware what to do next and acts as a repository for any captured
passwords or banking information.
The current information about
this malware show that it can execute a range of commands including
uploading the phone’s current location, sending SMS messages, and even
recording phone calls. It works by intercepting SMS messages sent to the
phone and checking to see if they are commands for it to act. If they
are, it executes the command and then prevents the message from being
seen by the user.
TigerBot tries to hide itself
from the user by not showing any icon on the home screen and by using
legitimate sounding app names (like System) or by copying names from
trusted vendors like Google or Adobe.
Based on our current analysis, it supports the following commands:
- Record the sounds in the phone, including the phone calls, the surrounding sounds and etc.
- Change the network setting.
- Upload the current GPS location.
- Capture and upload the image.
- Send SMS to a particular number.
- Reboot the phone.
- Kill other running processes.
To avoid becoming a victim, Only
download applications from trusted sources, reputable application
stores, and markets, and be sure to check reviews, ratings and developer
information before downloading.
and reboot the phone, among other things.
No comments:
Post a Comment