A mobile botnet called MisoSMS is giving the Android platform a kick in the botnets, stealing personal SMS messages and sending them to attackers in China.
God knows what a Chinese hacker would do with the information that I am still “in the pub and will be late home”, or “can you turn the oven on for fish and chips” which are the content of my SMSes in the last few days.
However, researchers at FireEye describe MisoSMS as “one of the largest advanced mobile botnets to date” and warn that it is being used in more than 60 spyware campaigns.
FireEye found that the infections started on Android devices in Korea, and noted that the attackers are logging into the command-and-control infrastructure from Korea and mainland China.
So far FireEye’s research team has discovered a total of 64 mobile botnet campaigns in the MisoSMS malware family. The family also has an elaborate command-and-control system that relies on more than 450 malicious e-mail accounts.
FireEye’s Vinay Pidathala said MisoSMS uses a malicious Android app called “Google Vx” that masquerades as an Android settings app.
Using a bit of trickery to get itself installed, the app secretly steals the user’s personal SMS messages and emails them to a webmail account that serves as the command-and-control.
That exfiltration method is what makes it unusual. Some SMS-stealing malware forwards the stolen messages over SMS to phone numbers under the attacker’s control; others send them to a command-and-control server over a TCP connection.
MisoSMS instead sends the stolen SMS messages to the attacker’s email address over an SMTP connection.
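That SMTP-based exfiltration is also what gives defenders a handle on it: a handset has no business talking SMTP directly to a public webmail provider, so a simple network-log rule catches the pattern. The following is an added example written for this page, not FireEye’s tooling or anything from the MisoSMS samples. It runs over a constructed set of connection log lines (timestamp, source IP, destination IP, destination port, bytes) and flags sources in a hypothetical handset Wi-Fi range (`10.20.0.0/16`) that make SMTP connections (ports 25, 465, 587) to anything other than a hypothetical corporate mail relay (`10.1.1.25`). All of those addresses and the log format are assumptions for the example.

```python
"""Flag handsets that speak SMTP directly to outside mail servers.

Added example (not from the original article or from FireEye). The subnet,
relay address, log format and log lines below are all constructed for
illustration.
"""
import ipaddress
from collections import defaultdict

# Ports a client uses to submit mail: plain SMTP, SMTPS, and submission.
SMTP_PORTS = {25, 465, 587}

# Hypothetical: the Wi-Fi range handed out to phones and tablets.
MOBILE_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]

# Hypothetical: the only mail relay handsets are expected to reach.
ALLOWED_RELAYS = {ipaddress.ip_address("10.1.1.25")}

# Constructed sample log: "<timestamp> <src_ip> <dst_ip> <dst_port> <bytes>".
SAMPLE_LOG = """\
2013-12-16T08:01:12Z 10.20.3.41 10.1.1.25 587 2310
2013-12-16T08:02:05Z 10.20.3.41 203.0.113.7 443 15800
2013-12-16T08:02:40Z 10.20.5.9 198.51.100.23 587 1420
2013-12-16T08:03:01Z 10.20.5.9 198.51.100.23 587 1388
2013-12-16T08:03:30Z 10.20.5.9 198.51.100.23 465 1402
2013-12-16T08:04:12Z 10.30.0.7 198.51.100.23 587 9000
2013-12-16T08:05:00Z 10.20.7.2 203.0.113.88 25 600
"""


def parse_line(line):
    """Split one log line into typed fields; raises ValueError on junk."""
    ts, src, dst, port, nbytes = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "port": int(port),
        "bytes": int(nbytes),
    }


def is_mobile(ip):
    """True if the address falls in one of the handset ranges."""
    return any(ip in net for net in MOBILE_SUBNETS)


def find_smtp_exfil(log_text, min_connections=1):
    """Return {src_ip: [(dst_ip, port, bytes), ...]} for handsets that made
    at least min_connections SMTP connections to a non-approved relay.

    Raising min_connections trades a single false positive (one stray
    mail submission) for catching only repeat offenders, which is what
    an app forwarding every incoming SMS looks like.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["port"] not in SMTP_PORTS:
            continue  # not a mail submission
        if not is_mobile(rec["src"]):
            continue  # servers and desktops are allowed to talk SMTP
        if rec["dst"] in ALLOWED_RELAYS:
            continue  # the corporate relay is expected
        hits[str(rec["src"])].append((str(rec["dst"]), rec["port"], rec["bytes"]))
    return {src: conns for src, conns in hits.items() if len(conns) >= min_connections}


def report(log_text, min_connections=1):
    """Human-readable summary, one line per suspicious handset."""
    lines = []
    for src, conns in sorted(find_smtp_exfil(log_text, min_connections).items()):
        dests = sorted({f"{dst}:{port}" for dst, port, _ in conns})
        total = sum(b for _, _, b in conns)
        lines.append(f"{src}: {len(conns)} SMTP connection(s), {total} bytes, to {', '.join(dests)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG, min_connections=2):
        print(line)
```

On the sample, `10.20.3.41` is ignored because it only reaches the approved relay, `10.30.0.7` is ignored because it is not a handset, and `10.20.5.9` (three submissions to one outside host) and `10.20.7.2` (one) are flagged; with `min_connections=2` only `10.20.5.9` remains. In practice the same rule maps onto a firewall or netflow query: deny or alert on egress to ports 25/465/587 from the mobile VLAN, with the corporate relay as the sole exception.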
Pidathala said that FireEye had managed to get all of the reported malicious e-mail accounts deactivated as part of a mitigation strategy with law enforcement and security response officials in Korea and China.