A few months back, we reported about an Android malware targeting China Mobile subscribers by abusing premium services, and more recently, one that monitors for certain keywords in text messages. What’s the connection between these two? Well, we were able to analyze an Android malware sample that does both of the previously mentioned routines.
Detected as ANDROIDOS_AUTOSUBSMS.A, this sample was found in Trojanized versions of certain applications, which are still currently available for download in certain Chinese third-party app stores.
It installs the receiver called util.Smsreceiver, which executes every time an infected device receives a message. It also asks for certain permissions that the receiver requires to work. These permissions are not included in the app’s original version.