During my investigation of mobile threats in the wild, I discovered a spytool, currently available on Google Play, that is actively being discussed on certain hacker forums. This tool’s beta version has been available on the site since March 11. An estimated 500 – 1000 users have already downloaded the spytool, which Trend Micro detects as ANDROIDOS_SMSSPY.DT.
Based on our analysis, this spytool gathers SMS messages from an infected mobile device and sends these to a remote FTP server at regular times set during the app’s installation. Below is the particular code embedded in the malicious app that executes the FTP Upload task that sends the stolen messages to defined FTP servers.
Affected users are at risk of having their personal and sensitive information stolen by potential attackers, who may use these for malicious purposes.
As the app is still in beta testing, spying on a mobile device using this tool poses certain challenges. First, it has to be installed on the target device without the victim knowing about it. Second, potential attackers would need to set up their own FTP servers, which may be difficult for those with less advanced IT knowledge. However, the developers behind this tool are likely to release an updated version that may include features and improvements to make it easier to use.
Trend Micro users need not worry as their mobile devices are protected from this threat via Mobile Security Personal Edition. Users are advised to activate the lock function of their mobile devices for added security. When installing an app, users should always double-check the permissions the app requires, especially if it requests permissions beyond its supposed function.
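The permission check advised above can be scripted before an APK is installed. The following is an added example, not code from the original post or from the spytool; it assumes the text output of `aapt dump permissions`, and the package name, sample dump and `needs_sms` flag are constructed for illustration.

```python
import re

# Real Android permission names; the groupings are this example's own.
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
NETWORK = {"android.permission.INTERNET"}  # required for any upload, FTP included
PERSIST = {"android.permission.RECEIVE_BOOT_COMPLETED"}  # restart after reboot

# Accept both old (bare name) and new (name='...') aapt output styles.
PERM_RE = re.compile(r"uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)'?", re.M)

def parse_permissions(dump):
    """Return (package, permission set) from `aapt dump permissions` text."""
    pkg = PKG_RE.search(dump)
    return (pkg.group(1) if pkg else None), set(PERM_RE.findall(dump))

def audit(dump, needs_sms=False):
    """Flag permission sets that allow SMS collection plus network upload.

    needs_sms is the reviewer's judgement of whether the app's stated
    function involves text messages (a hypothetical input, not from aapt).
    """
    pkg, perms = parse_permissions(dump)
    findings = []
    sms = sorted(perms & SMS_READ)
    if sms and perms & NETWORK:
        sev = "review" if needs_sms else "high"
        findings.append((sev, "reads SMS and has network access: " + ", ".join(sms)))
        if perms & PERSIST:
            findings.append((sev, "starts at boot, so collection can be scheduled"))
    elif sms and not needs_sms:
        findings.append(("medium", "reads SMS beyond its stated function"))
    return pkg, findings

# Constructed sample: an app described as a flashlight (hypothetical package).
SAMPLE = """package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""

if __name__ == "__main__":
    pkg, findings = audit(SAMPLE)
    for sev, msg in findings:
        print(f"[{sev}] {pkg}: {msg}")
```

A "review" result means the combination is expected for a messaging app but still worth confirming against what the app claims to do.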
To know more on how to better protect yourself from threats related to your mobile devices, you may read our comprehensive e-guides below:
With additional input from Noriaki Hayashi