AdaptiveMobile uncovers RAT mobile malware

The malware is sent via SMS that redirects to an APK file

AdaptiveMobile has discovered mobile malware that will allow a hacker to remotely control or monitor the phone, listening in to conversations, tracking any web activity and hijacking the camera when it wishes to.

The remote access control (RAT) malware is sent to a smartphone via SMS. If a user clicks on the link in the message, they will be redirected to an APK file. If this is opened, it will install the malware on the device, allowing the criminal to take over.

"While unsophisticated, this malware is interesting as it is delivered using SMS and is purporting to be a MMS message," AdaptiveMobile said in its report. "We've seen this specific behaviour before in Russia in 2013. And as we've reported on before, the normal propagation method for malware using SMS is via worms."

The APK is packaged using DroidJack, which is unique to Android devices and is easy to package for even the most junior of hackers. In fact, a hacker could package the malware using a tutorial readily available on the DroidJack website.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Another indicator that the person or group behind the malware is not a professional is that they did not attempt to hide the malware. Rather than injecting the it into another application to launch an attack without the user knowing, the RAT malware takes the name of MMSDisplay.

"This is not the first time the attacker has attempted to exploit mobile users," AdaptiveMobile said. "We observed the same number sending PayPal phishing spam to North American subscribers, with the phishing website tracked to be hosted at the same location as the malware."

The company reminded people not to click on the link in an SMS from an unknown sender to prevent the malware infecting their device.

"While we often demonstrate the increasing sophistication and complexity of attacks on mobile networks, it's important to remember that a simple attack can also be a success for the attacker," the company said.

"As security controls become tighter and mobile operators work to identify and block attacks on mobile networks, bad actors are using a variety of methods and moving to different bearers."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020