Saturday, April 29, 2017

Strain of Android Malware Disconnects Calls – Targeting Korean Users

Researchers have identified a new Android malware family that disguises itself as a security app and intercepts victims' inbound texts and calls. According to a malware researcher at FireEye who wrote about the threat on Tuesday, the security firm has detected six variants of the malware, now being called “HeHe,” all of which have a detection rate below 3/48 on VirusTotal.

“The possible sources are that you get a link to download the app as an SMS spam message, or from forums where all of these third party apps are advertised,” the researcher said.

He added that the malware appears to be aimed at Korean users, because the malicious “Android security” app is written in Korean.

In addition, the HeHe malware collects other phone data, including international mobile subscriber identity (IMSI) data, International Mobile Station Equipment Identity (IMEI) numbers and phone numbers, and sends the data to two command-and-control servers whose addresses are hardcoded into the malware: 122.10.92.117 and 58.64.183.12.

“There’s no inbound communications,” the researcher said of the victims who unknowingly download the HeHe Android malware. “It doesn’t matter whom the SMS came from, it will still get intercepted. But it will disconnect calls selectively,” he added.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
