Android Malware uses SMTP

Wednesday, September 11, 2013 @ 12:09 PM gHale


A new Android malware is using SMTP to send the data it steals to its masters.

In general, there’s nothing out of the ordinary about this malware, said researchers from F-Secure. It poses as “Google Service” to remain undetected, and it makes sure it stays persistent by asking the user to activate device administrator.

RELATED STORIES
False AVG Antivirus App Targets Android
New Way to Spread Android Trojan
Mobile Spam Risks on Rise
Threat Report: Mobile Attacks Taking Off

Once installed, it starts collecting information such as phone number, sent and received SMS messages and recorded audio.

The harvested information ends up added to an email and sent via SMTP servers such as smtp.gmail.com, smtp.163.com and smtp.126.com back to the cybercriminals.

F-Secure researchers said they believe Chinese developers created the Trojan, detected as Trojan:Android/SMSAgent.C.

Researchers first found the threat one month ago on alternative Android app markets and other precarious websites. Currently, it’s still out there on the loose.



Leave a Reply

You must be logged in to post a comment.