Android Malware TigerBot - Identified in Alternative Markets

by Carol~ Moderator - 4/5/12 12:18 PM

In Reply to: NEWS - April 05, 2012 by Carol~ Moderator

"Security Alert: New Android Malware - TigerBot - Identified in Alternative Markets"

From the NQ Mobile Security Research Center Blog:

NQ Mobile Security Research Center , in collaboration with Dr. Xuxian Jiang's team at North Carolina State University, has recently uncovered a new malware -TigerBot. Different from most existing malware controlled through web, this malware is controlled via SMS messages. Based on our current analysis, this malware has the built-in payload to execute a variety of commands ranging from uploading current location, sending SMS messages, to even recording phone calls. Also, to hide its existence, this malware chooses not to show any icon on the home screen, but disguises with legitimate app names by pretending to be apps from legitimate vendors such as Google and Adobe.

HOW IT WORKS?

When TigerBot is being installed, there is no icon on the home screen. When being shown in the installed app list, it displays the same icons with popular apps (e.g., Google's search app) and uses common app names (e.g., "system" or "flash"). By doing so, the malware intends to avoid being noticed by users. In the following, we show an example icon and app name reported in the app list. [Screenshot]

TigerBot can be remotely controlled by sending SMS messages. In order to receive remote commands, it registers a receiver with a high priority to listen to the intent with action "android.provider.Telephony.SMS_RECEIVED". As a result, it can receive and intercept incoming SMS messages before others with lower priorities.

Continued : http://research.nq.com/?p=402

See: New Android Malware Variant Can Remotely Root Phone