FireEye finds six Android malware variants with data-stealing powers

21 Jan 2014
Six new variants of the notorious Android.HeHe data-stealing malware have been discovered targeting smartphone users.

FireEye threat researcher Hitesh Dharmdasani reported uncovering the malware in a blog post, confirming that they are all being spread via a number of bogus Android security services.

"FireEye Labs has recently discovered six variants of a new Android threat that steals text messages and intercepts phone calls," read the post.

"The app disguises itself as 'Android security', advertising itself as an OS update. It contacts the command-and-control (CnC) server to register itself then goes on to monitor incoming SMS messages."

Dharmdasani said when installed on an Android device, the malware grants its authors a variety of data-siphoning powers including SMS and call monitoring, remote-wipe and call-blocking powers.

All of the variants reportedly report back to the attackers the version number of the app that delivered the malware, the model of the infected phone, the Android version installed on it and the type of network the device is connected to.

"The CnC is expected to respond with a list of phone numbers that are of interest to the malware author. If one of these numbers sends an SMS or makes a call to an infected device, the malware intercepts the message or call, suppresses device notifications from the device, and removes any trace of the message or call from device logs," explained Dharmdasani.

"Any SMS messages from one of these numbers are logged into an internal database and sent to the CnC server. Any phone calls from these numbers are silenced and rejected."

The FireEye threat researcher confirmed that the CnC server the company had been studying has since gone inert, indicating that the malware's authors were aware their racket had been compromised.

Director of security strategy at FireEye Jason Steer told V3 that businesses may be concerned by the added powers, as the malware could be used to siphon corporate data.

“This branch of apps is clearly designed for intelligence gathering – doing nothing other than collecting information that the attackers can use. If this was a banking attack, for example, one may see the exfiltration of SMS codes to other infrastructure, or if it was a corporate attack we may see other information being exfiltrated such as mails, messages and GPS details. So the fact that so little is taken would indicate this is quite narrow and gathering some information on specific phone numbers to target.”

Steer told V3 that FireEye expects to uncover more Android malware in the very near future. “Android malware will continue to grow as more consumers buy good quality handsets and businesses adopt the BYOD model – the lack of maturity in the mobile industry enables attackers to be very successful with both targeted and broad attacks and until security is better baked into Android, attacks will continue to grow,” he said.

Steer's forecast mirrors that of numerous other technology companies. Earlier this month, network giant Cisco confirmed that its research shows 99 percent of all mobile malware is designed to target the Android platform.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
