

FireEye finds six Android malware variants with data-stealing powers

21 Jan 2014
Google Android Malware

Six new variants of the notorious Android.HeHe data-stealing malware have been discovered targeting smartphone users.

FireEye threat researcher Hitesh Dharmdasani reported uncovering the malware in a blog post, confirming that the variants are all being spread via a number of bogus Android security services.

"FireEye Labs has recently discovered six variants of a new Android threat that steals text messages and intercepts phone calls," read the post.

"The app disguises itself as 'Android security', advertising itself as an OS update. It contacts the command-and-control (CnC) server to register itself then goes on to monitor incoming SMS messages."

Dharmdasani said that when installed on an Android device, the malware grants its authors a variety of data-siphoning powers, including SMS and call monitoring, remote wipe and call blocking.

All of the variants reportedly let the hackers know the version number of the app that delivered the malware, the model of the infected phone, the Android version installed on the phone and the type of network associated with the device.

"The CnC is expected to respond with a list of phone numbers that are of interest to the malware author. If one of these numbers sends an SMS or makes a call to an infected device, the malware intercepts the message or call, suppresses device notifications from the device, and removes any trace of the message or call from device logs," explained Dharmdasani.

"Any SMS messages from one of these numbers are logged into an internal database and sent to the CnC server. Any phone calls from these numbers are silenced and rejected."

The FireEye threat researcher confirmed the CnC server it had been studying has since gone inert, indicating that the authors of the malware were aware their racket had been compromised.
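As an added illustration (not part of the original article or FireEye's report), the Python script below triages a decoded AndroidManifest.xml for the combination of capabilities that the behaviour described above would require: receiving SMS ahead of other apps, erasing message and call traces, and contacting a server. The permission-to-behaviour mapping, the priority threshold and both sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
PRIORITY_THRESHOLD = 999  # assumed cut-off for "wants the SMS before other apps"

# Reported behaviour -> permissions it needs (mapping assumed for this example,
# not taken from FireEye's analysis of Android.HeHe).
BEHAVIOUR_PERMS = {
    "monitor incoming SMS": {"android.permission.RECEIVE_SMS"},
    "delete SMS traces": {"android.permission.WRITE_SMS"},
    "monitor incoming calls": {"android.permission.READ_PHONE_STATE"},
    "delete call-log traces": {"android.permission.WRITE_CALL_LOG"},
    "contact a remote server": {"android.permission.INTERNET"},
}

def triage(manifest_xml):
    """Return the list of article behaviours a decoded manifest makes possible."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NS + "name") for p in root.iter("uses-permission")}
    findings = [b for b, need in BEHAVIOUR_PERMS.items() if need <= requested]
    for flt in root.iter("intent-filter"):
        actions = {a.get(NS + "name") for a in flt.iter("action")}
        try:
            priority = int(flt.get(NS + "priority", "0"))
        except ValueError:
            priority = 0  # malformed priority: treat as default
        if SMS_ACTION in actions and priority >= PRIORITY_THRESHOLD:
            findings.append("high-priority SMS receiver")
    return findings

def is_suspicious(manifest_xml):
    """Flag only the full combination: intercept + erase traces + phone home."""
    return len(triage(manifest_xml)) == len(BEHAVIOUR_PERMS) + 1

# Constructed sample manifests (not from a real APK).
_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
_PERM = '<uses-permission android:name="android.permission.%s"/>'
FAKE_UPDATE = (_HEAD % "com.example.fakeupdate"
    + "".join(_PERM % p for p in ("RECEIVE_SMS", "WRITE_SMS", "READ_PHONE_STATE",
                                  "WRITE_CALL_LOG", "INTERNET"))
    + '<application><receiver android:name=".SmsRx"><intent-filter android:priority="2147483647">'
    + '<action android:name="%s"/></intent-filter></receiver></application></manifest>' % SMS_ACTION)
BENIGN_CHAT = (_HEAD % "com.example.chat"
    + "".join(_PERM % p for p in ("RECEIVE_SMS", "INTERNET"))
    + '<application><receiver android:name=".Otp"><intent-filter>'
    + '<action android:name="%s"/></intent-filter></receiver></application></manifest>' % SMS_ACTION)

if __name__ == "__main__":
    for name, xml in (("fake update", FAKE_UPDATE), ("benign chat", BENIGN_CHAT)):
        print(name, is_suspicious(xml), triage(xml))
```

A single permission such as RECEIVE_SMS is common in legitimate apps, which is why the check only flags the full combination.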

Director of security strategy at FireEye Jason Steer told V3 that businesses may be concerned by the added powers, as the malware could be used to siphon corporate data.

“This branch of apps are clearly designed for intelligence gathering – doing nothing other than collecting information that the attackers can use. If this was a banking attack, for example, one may see the exfiltration of SMS codes to other infrastructure or if it was a corporate attack we may see other information being exfiltrated such as mails, messages and GPS details. So the fact that so little is taken would indicate this is quite narrow and gathering some information on specific phone numbers to target.”

Steer told V3 that FireEye expects to uncover more Android malware in the very near future. “Android malware will continue to grow as more consumers buy good quality handsets and businesses adopt the BYOD model – the lack of maturity in the mobile industry enables attackers to be very successful with both targeted and broad attacks and until security is better baked into Android, attacks will continue to grow,” he said.

Steer's forecast mirrors that of numerous other technology companies. Network giant Cisco confirmed earlier this month that its research shows 99 percent of all mobile malware is designed to target the Android platform.

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
