SMS controlled Android malware named, Tigerbot, has been recently uncovered by NQ Mobile Security Research Center, in collaboration with Dr. Xuxian Jiang’s team at North Carolina State University. This malware can record phone calls, send SMS messages, upload the device’s GPS location, and reboot the phone.
NQ Mobile claims TigerBot receives remote commands via SMS messages.
In order to receive remote commands, it registers a receiver with a high priority to listen to the intent with action “android.provider.Telephony.SMS_RECEIVED”. As a result, it can receive and intercept incoming SMS messages before others with lower priorities.
When the device receives a new SMS message with a specific bot command, Tigerbot will hide the message and execute the command. The malware has been found to support the following commands:
- Record sounds in the phone, including phone calls, surrounding sounds, etc.
- Change network settings
- Upload current GPS location
- Capture and upload images
- Send SMS to a particular number
- Reboot the phone
- Kill other running processes
TigerBot hides itself from the user by using common application names such as “system” or “flash” in the installed apps list.
NQ Mobile researchers advises Android users to be more careful in downloading Android apps. Never accept application requests from unknown sources and only download applications from trusted sources.[Source: NQ Mobile Security Research Center]