A mobile botnet named MisoSMS has given the Android platform a kick in the botnets: it manages to steal personal SMS messages and send them to Chinese hackers. It is unclear, though, what a Chinese hacker would do with texts like “Honey, I’m still drunk and can’t drive home”, or “Call me back ASAP”.

Security experts said that MisoSMS was one of the largest advanced mobile botnets ever, warning that it was being used in more than 60 spyware campaigns. The researchers revealed that the infection started on Android devices in Korea and noted that the intruders were logging into the command-and-control systems from Korea and mainland China. So far they have discovered 64 mobile botnet campaigns in the MisoSMS malware family, along with an elaborate command-and-control system using over 450 malicious e-mail accounts. MisoSMS uses a malicious Android app called “Google Vx”, which masquerades as an Android settings app.

With a bit of trickery to get itself installed, the application in question secretly steals users’ personal SMS messages and emails them to a webmail command-and-control. The exfiltration channel is what sets it apart. Some SMS-stealing malware forwards the contents of users’ SMS messages as SMS to phone numbers under the hackers’ control, while other malware sends the stolen SMS messages to a CnC server over TCP connections. MisoSMS instead sends the stolen messages to the hackers’ email address over an SMTP connection.

The security specialists said they had managed to get all of the reported malicious e-mail accounts deactivated as part of a mitigation strategy with law enforcement and security response officials in both Korea and China.