Chinese Hackers Steal SMS from Android MobilesAdded: Wednesday, December 25th, 2013
Category: About Torrents > Staying Safe And Secure
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2013, www.extratorrent.cc
A mobile botnet named MisoSMS has given Android platform a kick in the botnets – it manages to steal personal SMS messages and send them to Chinese hackers. It is unclear though what a Chinese hacker would do with texts like “Honey, I’m still drink and can’t drive home”, or “Call me back ASAP”.
Security experts admitted that MisoSMS was one of the largest advanced mobile botnets ever, warning that it was being used in more than 60 spyware campaigns. The researchers revealed that the infection started in Android devices in Korea and noted that the intruders were logging into command-and-controls from Korea and mainland China. So far they discovered 64 mobile botnet campaigns in the MisoSMS malware family, along with an elaborate command-and-control system using over 450 malicious e-mail accounts. MisoSMS uses a malicious Android app called “Google Vx” which masqueraded as an Android settings app.
With a bit of trickery to get itself installed, the application in question secretly steals users’ personal SMS messages and emails them to a webmail command-and-control. An interesting thing is that some of SMS-stealing malware sends the contents of users’ SMS messages by forwarding them as SMS to phone numbers under the hackers’ control, while others send the stolen SMS messages to a CnC server over TCP connections, but MisoSMS sends the stolen messages to the hackers’ email address over an SMTP connection.
The security specialists said they had managed to get all of the reported malicious e-mail accounts deactivated in frames of a mitigation strategy with law enforcement and security response officials in both Korea and China.
December 25th,2013Posted by:
Wednesday, December 25th, 2013
|The bigger problem is the really poor security options available on Android apps with somewhat ridiculously broad security rights. Most apps will ask to read phone identity simply because the need to be able to identify the device on which the app is installed, but the security grant for phone identity gives a whole crap-load more than that. Manage accounts is another good one where in order for an app to actually store its own accounts it needs access to all the accounts.||
Most Popular Stories