The Latest in IT Security

Android Malware goes SMTP


Before we get to thinking that nothing is new under the Android malware sun, we get a small, but quite interesting surprise. An android malware that connects to SMTP servers to send an email.

Other than the SMTP-usage, the malware is pretty vanilla. Upon installation, the application asks the user to activate device administrator to stay persistent in the mobile device. This threat does not add any significant icons in the application menu, rather the user would need to check the Application Manager before finding out that there is an app masquerading as “Google Service”.

mobile1 (138k image)

After installation, the application will collect sensitive user information such as phone number, incoming and outgoing SMS, and recorded audio to an email address. Then it makes use of SMTP servers, particularly, and to send the stolen data. I smell something very China-ish here…

code (169k image)

Below is a screenshot of the threat’s attempt to connect to an SMTP server:

smtp (161k image)

This threat was found to be usually downloaded in third party Android markets or malicious websites. We first saw this malware family a month ago, but has been active since. We’re already detecting this threat as Trojan:Android/SMSAgent.C.

msms_android (59k image)

Post by — Swee Lai

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments