Security researchers from FireEye have come across six versions of a new Android threat that’s designed to steal SMS messages and intercept phone calls. The malware has been dubbed “Android.HeHe.”
The malicious element is being distributed as a security update for the mobile operating system. Once it infects a device, it connects to its command and control (C&C) server and starts monitoring incoming SMSs.
The C&C sends the malware a list of phone numbers. If the infected device receives an SMS or a call from one of these numbers, the threat steps into play and intercepts the communications.
Text messages from these numbers are captured and sent back to the C&C server. As far as phone calls are concerned, they’re “silenced and rejected.”
Experts say the existence of threats such as Andorid.MisoSMS and Android.HeHe show that cybercriminals are becoming more and more interested in monitoring SMS and phone calls.
A detailed technical analysis of Android.HeHe is available on FireEye’s blog.