Android Malware Acts as Security Update

Wednesday, January 22, 2014 @ 03:01 PM gHale

There are six versions of a new Android threat designed to steal SMS messages and intercept phone calls, researchers said. This continues the growing trend of bad guys focusing on SMS messages.

The malware, called “Android.HeHe,” is going out as a security update for the mobile operating system, said researchers at FireEye. Once it infects a device, it connects to its command and control (C&C) server and starts monitoring incoming SMSs.

Android Platform Coming for Autos
Android Malware on Rise
Securing Automobile Software Updates
SAP Trojan Uses Carberp Code

“We named this sample set “Android.HeHe” after the name of the activity that is used consistently across all samples,” researchers said in a blog post.

The C&C sends the malware a list of phone numbers. If the infected device receives an SMS or a call from one of these numbers, the threat steps into play and intercepts the communications.

Text messages from these numbers end up captured and sent back to the C&C server. As far as phone calls are concerned, they’re “silenced and rejected.”

Click here for more of FireEye’s analysis.

Leave a Reply

You must be logged in to post a comment.