Android malware sends texts to China

MisoSMS used in at least 64 spyware campaigns, steals text messages, emails them to China.

One of the largest botnets ever created is stealing text messages and sending them to Chinese servers, according to an IT security firm.

Researchers at FireEye said they had discovered 64 Android botnet campaigns that belong to the MisoSMS malware family.

According to FireEye, each of the campaigns used webmail as its command and control infrastructure. This infrastructure comprises more than 450 unique malicious email accounts.

MisoSMS infects Android systems by deploying a class of malicious Android apps, according to the researchers. The mobile malware masquerades as an Android settings app used for administrative tasks. When executed, it secretly steals the user's personal SMS messages and emails them to a command and control (CnC) infrastructure hosted in China.

"This application exfiltrates the SMS messages in a unique way. Some SMS-stealing malware sends the contents of users' SMS messages by forwarding the messages over SMS to phone numbers under the attacker's control," said FireEye researchers Vinay Pidathala, Hitesh Dharmdasani, Jinjian Zhai and Zheng Bu in a blog post.

"Others send the stolen SMS messages to a CnC server over TCP connections. This malicious app, by contrast, sends the stolen SMS messages to the attacker's email address over an SMTP connection," they added.

The researchers said that MisoSMS is one of the largest mobile botnets that uses modern botnet techniques and infrastructure.

The firm said it was working with Korean law enforcement and the Chinese webmail vendor to mitigate this threat. "This threat highlights the need for greater cross-country and cross-organisational efforts to take down large malicious campaigns," the company said in a statement.

It has also been working with the security community to dismantle the CnC infrastructure used by the malware.

As reported by IT Pro, Android malware has also been discovered calling premium rate numbers.
