One of the largest botnets ever created is stealing text messages and sending them to Chinese servers, according to an IT security firm.
Researcher at FireEye said they had discovered 64 Android botnet campaigns that belongs to the MisoSMS malware family.
According to FireEye, each of the campaigns used webmail as its command and control infrastructure. This infrastructure comprises of more than 450 unique malicious email accounts.
MisoSMS infects Android systems by deploying a class of malicious Android apps, according to the researchers. The mobile malware masquerades as an Android settings app used for administrative tasks. When executed, it secretly steals the user's personal SMS messages and emails them to a command and control (CnC) infrastructure hosted in China.
"This application exfiltrates the SMS messages in a unique way. Some SMS-stealing malware sends the contents of users' SMS messages by forwarding the messages over SMS to phone numbers under the attacker's control," said FireEye researchers Vinay Pidathala, Hitesh Dharmdasani, Jinjian Zhai and Zheng Bu in a blog post.
"Others send the stolen SMS messages to a CnC server over TCP connections. This malicious app, by contrast, sends the stolen SMS messages to the attacker's email address over an SMTP connection," they added.
The researchers said that MisoSMS is one of the largest mobile botnets that uses modern botnet techniques and infrastructure.
The firm said it was working with Korean law enforcement and the Chinese webmail vendor to mitigate this threat. "This threat highlights the need for greater cross-country and cross-organisational efforts to take down large malicious campaigns," the company said in a statement.
It has also been working with the security community to dismantle the CnC infrastructure used by the malware.
As reported by IT Pro, Android malware has also been discovered calling premium rate numbers.
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
Europol hails triple takedown with Rhadamanthys, VenomRAT, and Elysium sting operationsNews The Rhadamanthys infostealer operation is one of the latest victims of Europol's Operation Endgame, with more than a thousand servers taken down
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against RussiaNews The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
-
Microsoft's secure VBA macro rules already being bypassed by hackersNews Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
