Security researchers have found a new and advanced piece of malware, MisoSMS, which is being used to recruit Android zombies into a large SMS-stealing botnet going by the same name.
Folks over at FireEye have claimed that the newly discovered botnet is being used in as many as 64 spyware campaigns. Highly active in Korea, the malware masquerades as an Android app dubbed “Google Vx” and, once installed on a user’s Android device, starts stealing SMS messages and sending them off to the botnet’s command and control servers located in China.
This malware and the botnet are unusual in one respect: other malware is known to exfiltrate SMS contents by forwarding the messages over SMS to phone numbers under the attacker’s control, whereas this one sends stolen SMS messages over an SMTP connection to email accounts controlled by hackers.
FireEye has claimed that they have managed to get all the known malicious email addresses deactivated and that they are closely monitoring the “threat and continue working with relevant authorities to mitigate it.”
“MisoSMS is one of the largest mobile botnets that leverages modern botnet techniques and infrastructure. This discovery, coupled with the other discoveries from FireEye, highlights the importance of mobile security and the quickly changing threat landscape”, notes the security company in its blog post.
One thing that surprises us is what on earth a hacker would do with such stolen SMSs. Forwarding SMS to a premium number makes sense considering the revenue generation aspect of that scenario. However, using SMTP to forward SMS, which may contain things like “Sorry! I will be late”, just doesn’t make sense.