
Researchers have uncovered Android malware employed in dozens of spyware campaigns that steals SMS text messages and sends them to attackers in China by way of 450 malicious email accounts used as a command and control (C&C) infrastructure.

The MisoSMS malware is understood to be the mechanism behind what the researchers described as “one of the largest advanced mobile botnets to date,” and is known to have been leveraged in at least 64 separate spyware operations.

“MisoSMS infects Android systems by deploying a class of malicious Android apps. The mobile malware masquerades as an Android settings app used for administrative tasks. When executed, it secretly steals the user’s personal SMS messages and emails them to a command-and-control (CnC) infrastructure hosted in China,” the researchers reported.

The majority of infections have occurred in the Far East, and the attackers are known to have logged in to the malicious email accounts to retrieve stolen data from both Korea and mainland China, the researchers said.

“MisoSMS is active and widespread in Korea, and we are working with Korean law enforcement and the Chinese Web mail vendor to mitigate this threat. This threat highlights the need for greater cross-country and cross-organizational efforts to take down large malicious campaigns,” the researchers reported.

“At the time of this blog post, all of the reported malicious email accounts have been deactivated and we have not noticed any new email addresses getting registered by the attacker.”
