Android botnet stole SMSes from South Korea, emailed them to China
An Android botnet found in South Korea that steals text messages may be one of the largest and most advanced mobile malware operations discovered, according to security vendor FireEye.
The botnet, which FireEye called “MisoSMS,” was used in 64 spyware campaigns, stealing text messages from phones in Korea and forwarding them to email accounts accessed by hackers in both China and South Korea.
MisoSMS is embedded in an Android application that purports to be an administrative settings tool, FireEye wrote on its blog. The application calls itself “Google Vx” and asks for administrative permissions that, if granted, allow the malware to hide. It then collects text messages and sends them by email to the attackers, which is a new technique, FireEye wrote. Some SMS malware applications forward text messages to hackers’ phones via SMS, while others send messages via TCP connections.