Android malware sends texts to China

MisoSMS used in at least 64 spyware campaigns, steals text messages, emails them to China.

One of the largest botnets ever created is stealing text messages and sending them to Chinese servers, according to an IT security firm.

Researcher at FireEye said they had discovered 64 Android botnet campaigns that belongs to the MisoSMS malware family.

According to FireEye, each of the campaigns used webmail as its command and control infrastructure. This infrastructure comprises of more than 450 unique malicious email accounts.

Advertisement - Article continues below

MisoSMS infects Android systems by deploying a class of malicious Android apps, according to the researchers. The mobile malware masquerades as an Android settings app used for administrative tasks. When executed, it secretly steals the user's personal SMS messages and emails them to a command and control (CnC) infrastructure hosted in China.

"This application exfiltrates the SMS messages in a unique way. Some SMS-stealing malware sends the contents of users' SMS messages by forwarding the messages over SMS to phone numbers under the attacker's control," said FireEye researchers Vinay Pidathala, Hitesh Dharmdasani, Jinjian Zhai and Zheng Bu in a blog post.

"Others send the stolen SMS messages to a CnC server over TCP connections. This malicious app, by contrast, sends the stolen SMS messages to the attacker's email address over an SMTP connection," they added.

Advertisement - Article continues below

The researchers said that MisoSMS is one of the largest mobile botnets that uses modern botnet techniques and infrastructure.

Advertisement - Article continues below

The firm said it was working with Korean law enforcement and the Chinese webmail vendor to mitigate this threat. "This threat highlights the need for greater cross-country and cross-organisational efforts to take down large malicious campaigns," the company said in a statement.

It has also been working with the security community to dismantle the CnC infrastructure used by the malware.

As reported by IT Pro, Android malware has also been discovered calling premium rate numbers.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020

K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular


Apple confirms serious bugs in iOS 13.5

4 Jun 2020

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020