Researchers have identified six variants of a new strain of Android malware that is designed to intercept calls and SMS text messages and remove any records of the communications from the infected device.
The malware, dubbed Android.HeHe, poses as a security update to the device’s operating system and then monitors the device for calls or messages from a predetermined list of numbers identified as being of interest to the attacker.
“If one of these numbers sends an SMS or makes a call to an infected device, the malware intercepts the message or call, suppresses device notifications from the device, and removes any trace of the message or call from device logs,” the researchers stated.
“Any SMS messages from one of these numbers are logged into an internal database and sent to the CnC server. Any phone calls from these numbers are silenced and rejected.”
The malware starts several services in the background of the infected device: one implements a sandbox evasion feature, another removes the application icon from view to obscure the malware’s presence, and another harvests the data and sends it to the command and control (C&C) server.
“Android malware variants are mushrooming. Threats such as Android.HeHe and Android.MisoSMS reveal attackers’ growing interest in monitoring SMS messages and phone call logs. They also serve as a stark reminder of just how dangerous apps from non-trusted marketplaces can be,” the researchers noted.