Security experts from NQ Mobile have recently detected new Android malware which is controlled through SMS messages. The malware, dubbed TigerBot, is able to record calls and surrounding noise.
TigerBot was detected while circulating in the wild through non-official Android channels.
The malware is wise: it can hide itself on a targeted device. TigerBot refuses to install an icon on the home screen, and masks itself with an ordinary application name like Flash or System.
Once active, TigerBot registers a receiver marked as a high priority in order to listen to the intent with action “android.provider.Telephony.SMS_RECEIVED”.
NQ Mobile explained that when a user receives a new SMS message, the malware would run a check to find out whether the message is a specific bot command. In the event it is TigerBot will prevent it from being seen by the user, after which it will execute the command.
The malware is able to record sounds in the immediate area of the device, along with the calls themselves. It is also able to alter network settings and report the current GPS coordinates of the device. TigerBot was proved to manage capturing and uploading pictures, killing other processes and rebooting the infected device.
However, the malware isn’t written perfectly enough. For instance, some of its commands aren’t routinely supported: the command to kill other processes can only be performed on early Android versions. Still, the mobile security company points out that the fact that this piece of malware and any of its variants might be controlled without your knowledge does mean that it is a serious threat. The insecurity specialists added that users are recommended to always reject unknown application requests and attentively monitor permissions requested by any program.