FireEye finds six Android malware variants with data-stealing powers

21 Jan 2014
Google Android Malware

Six new variants of the notorious Android.HeHe data-stealing malware have been discovered targeting smartphone users.

FireEye threat researcher Hitesh Dharmdasani reported uncovering the malware in a blog post, confirming that they are all being spread via a number of bogus Android security services.

"FireEye Labs has recently discovered six variants of a new Android threat that steals text messages and intercepts phone calls," read the post.

"The app disguises itself as 'Android security', advertising itself as an OS update. It contacts the command-and-control (CnC) server to register itself then goes on to monitor incoming SMS messages."

Dharmdasani said that, when installed on an Android device, the malware grants its authors a variety of data-siphoning powers, including SMS and call monitoring, remote wipe and call blocking.

All of the variants reportedly let the hackers know the version number of the app that delivered the malware, the model of the infected phone, the Android version installed on the phone and the type of network associated with the device.

"The CnC is expected to respond with a list of phone numbers that are of interest to the malware author. If one of these numbers sends an SMS or makes a call to an infected device, the malware intercepts the message or call, suppresses device notifications from the device, and removes any trace of the message or call from device logs," explained Dharmdasani.

"Any SMS messages from one of these numbers are logged into an internal database and sent to the CnC server. Any phone calls from these numbers are silenced and rejected."

The FireEye threat researcher confirmed the CnC server it had been studying has since gone inert, indicating that the authors of the malware were aware their racket had been compromised.

Director of security strategy at FireEye Jason Steer told V3 that businesses may be concerned by the added powers, as the malware could be used to siphon corporate data.

“This branch of apps are clearly designed for intelligence gathering – doing nothing other than collecting information that the attackers can use. If this was a banking attack, for example, one may see the exfiltration of SMS codes to other infrastructure or if it was a corporate attack we may see other information being exfiltrated such as mails, messages and GPS details. So the fact that so little is taken would indicate this is quite narrow and gathering some information on specific phone numbers to target.”

Steer told V3 that FireEye expects to uncover more Android malware in the very near future. “Android malware will continue to grow as more consumers buy good quality handsets and businesses adopt the BYOD model – the lack of maturity in the mobile industry enables attackers to be very successful with both targeted and broad attacks and until security is better baked into Android, attacks will continue to grow,” he said.

Steer's forecast mirrors that of numerous other technology companies. Earlier this month, network giant Cisco confirmed its research shows 99 percent of all mobile malware is designed to target the Android platform.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
