New Android Malware Controlled by SMS, Records Calls, GPS Location

A new form of Android malware controlled via SMS messages has been discovered and the malware can record phone calls, upload the device’s GPS location, and reboot the phone, among other things.

Researchers at NQ Mobile Security working with Dr. Xuxian Jiang’s team at nearby North Carolina State University uncovered the malware, named TigerBot.

TigerbotTigerbotDiscussing the malware on its blog, NQ Mobile claims TigerBot receives remote commands via SMS messages. Infected devices are programmed to accept the action “android.provider.Telephony.SMS_RECEIVED” and even intercept other, low-priority SMS messages.

Like much of Android malware of late, Tigerbot is stealthy – there’s no home screen icon and once installed, it uses common Google and Adobe application names like ‘system’ and ‘flash’ to disguise itself among legitimate applications.

In addition to being able to record phone calls, upload the phone’s GPS location and reboot the phone, TigerBot can change the device’s network setting, capture and upload images, send SMS messages and kill running processes, according to the blog post.

A flurry of malware has been hitting the Android platform en masse as of late.

TigerBot bears a striking resemblance to HippoSMS, an Android Trojan that was also found by researchers at NC State. Unlike TigerBot however, HippoSMS hijacked victims’ phones to send premium-rate SMS messages, instead of being controlled via SMS messages.

It was just last week that another form of Android malware with the ability to send out premium-rate SMS messages, TGLoader, was discovered by Jiang and his students.

Much like TGLoader and the latest variant of the Legacy Native (LeNA) malware, TigerBot hasn’t yet surfaced in Google Play (formerly Google’s Android Market) but does appear to be making the rounds on alternative markets.