Thursday, June 29, 2017

Large scale Android Mobile Botnet Hijacking Discovered

Researchers at FireEye revealed the menace today, describing MisoSMS as “one of the largest advanced mobile botnets to date” and warning that it is being utilized in more than 60 malware campaigns.

FireEye monitored the infections on Android devices in Korea and noted that the operators are logging into command-and-control (C&C) servers from Korea and China, among other locations, to periodically read the stolen SMS messages.

FireEye’s research team identified a total of 64 mobile botnet campaigns within the MisoSMS malware family and command-and-control infrastructure consisting of over 450 unique malicious e-mail accounts.

FireEye security researcher Vinay Pidathala stated that MisoSMS infects Android systems by deploying a malicious Android app called “Google Vx” that poses as an Android settings app used for administrative tasks.

The app uses a bit of trickery to install and hide itself from the user. Once it’s installed, the app secretly steals the user’s personal SMS messages and emails them to a webmail command-and-control server.
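As an added defender-side example (not FireEye’s code or anything from its report), the Python heuristic below scores an AndroidManifest.xml for the traits the article attributes to the app: SMS access combined with network egress, a receiver for incoming SMS, and no launcher entry, which is one way an app hides its icon from the user. The manifest is constructed for illustration; the article does not list the permissions MisoSMS actually requests, so this is a triage heuristic, not a signature.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
LAUNCHER = "android.intent.category.LAUNCHER"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"


def _name(el):
    """Return the android:name attribute of an element (namespaced by ET)."""
    return el.get(f"{{{ANDROID_NS}}}name")


def triage_manifest(manifest_xml: str) -> dict:
    """Score a manifest for the behaviours the article describes.

    Each finding is a boolean; the score is the number of findings that
    fired. A high score means "look closer", not "malicious".
    """
    root = ET.fromstring(manifest_xml)
    perms = {_name(p) for p in root.iter("uses-permission")}
    has_launcher = any(_name(c) == LAUNCHER for c in root.iter("category"))
    sms_receiver = any(_name(a) == SMS_RECEIVED for a in root.iter("action"))
    findings = {
        "reads_sms": bool(perms & SMS_PERMS),           # can read/receive SMS
        "network_egress": "android.permission.INTERNET" in perms,
        "sms_receiver": sms_receiver,                   # hooks incoming SMS
        "no_launcher_icon": not has_launcher,           # icon hidden from user
    }
    findings["score"] = sum(findings.values())
    return findings


# Constructed sample manifest: SMS + INTERNET, an SMS receiver, no launcher.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Settings">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".Main"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```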

Pidathala went on to explain the SMS exfiltration technique:

“This application exfiltrates the SMS messages in a unique way. Some SMS-stealing malware sends the contents of users’ SMS messages by forwarding the messages over SMS to phone numbers under the attacker’s control. Others send the stolen SMS messages to a CnC server over TCP connections. This malicious app, by contrast, sends the stolen SMS messages to the attacker’s email address over an SMTP connection.”

Pidathala reported that all of the malicious e-mail accounts have already been banned as part of a mitigation strategy coordinated with law enforcement and security response officials in Korea and China.
