SMS Grabbing Malware Targets Android

SMS grabbing malware detected

Internet security researchers have detected an early instance of SMS-grabbing malware built to pose as a legitimate Android security application. The impostor application reroutes text messages to web servers. The malware encourages users to install it by posing as Mobile Security 9, a legitimate mobile antivirus application developed by Kaspersky Lab.

Malware procures the unique device ID

When a user launches the package, the malware tries to obtain the unique device ID number. It then transforms this ID into an activation code, which is displayed in what looks like a legitimate Android view. In the background, however, the application installs a broadcast receiver that tries to capture text messages and route them to a server set up by the attackers.

Similarity to Zitmo

The application's behavior resembles that of the Trojan spyware application Zitmo. However, the new malware's code does not conclusively show whether it was developed by the same individual. Zitmo was detected in June and was disguised as the legitimate Android Market app, TrustMobile. Although the application has been taken down, several mirror websites exist that keep information on programs approved by Google.

Four target platforms

Zitmo is short for Zeus-in-the-mobile. It is associated with the Zeus crimeware kit and related botnets, which are favored by criminals who generally target individuals' financial information. Zitmo targets four platforms: Windows Mobile, Android, BlackBerry, and Symbian. The Zitmo application resembles a real mobile security application, Trusteer Rapport.

Attempt to enter smart phones of individuals

Besides targeting the Android Market, the SMS-grabbing malware tried to reach smartphones through related malware applications. These would launch when a user logged in to his or her bank account through the smartphone. At that point the malware would encourage the user to install a new security system to protect their information during online banking transactions. Once the installation was complete, the malware could query which mobile operating system the phone used. If the user chose Android, he or she would be redirected to a website hosting the malicious Android application. Once redirected to this site, users would be prompted to download and install the application on their smartphones.