TigerBot - SMS Controlled Android Malware Stealing Information
A new form of Android malware controlled via SMS messages has been discovered and the malware can record phone calls, upload the device’s GPS location, and reboot the phone, among other things.
Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered this Android malware called "TigerBot", differs from “traditional” malware in that it is controlled via SMS rather than from a command & control (C&C) server on the Internet.
A common aspect of Android malware is the use of a command and control server that tells the malware what to do next and acts as a repository for any captured passwords or banking information.
The current information about this malware show that it can execute a range of commands including uploading the phone’s current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the phone and checking to see if they are commands for it to act. If they are, it executes the command and then prevents the message from being seen by the user.
TigerBot tries to hide itself from the user by not showing any icon on the home screen and by using legitimate sounding app names (like System) or by copying names from trusted vendors like Google or Adobe.
Based on our current analysis, it supports the following commands:
- Record the sounds in the phone, including the phone calls, the surrounding sounds and etc.
- Change the network setting.
- Upload the current GPS location.
- Capture and upload the image.
- Send SMS to a particular number.
- Reboot the phone.
- Kill other running processes.
To avoid becoming a victim, Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.