The NQ Mobile Security Research Center, in collaboration with researchers at North Carolina State University, recently uncovered a new form of Android malware called TigerBot, which is controlled via SMS messages.
"In order to receive remote commands, it registers a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED,'" NCSU assistant professor Xuxian Jiang wrote in a security alert. "As a result, it can receive and intercept incoming SMS messages before others with lower priorities. Upon receiving a new SMS message, TigerBot will check whether the message is a specific bot command. If so it will prevent this message from being seen by the users and then execute the command accordingly."
"In addition to being able to record phone calls, upload the phone’s GPS location and reboot the phone, TigerBot can change the device's network setting, capture and upload images, send SMS messages and kill running processes," writes Threatpost's Christopher Brook.
"To remain undetected, TigerBot poses as an app from a legitimate company like Google or Adobe, and once downloaded, it displays no icon on the victim's home screen," writes SecurityNewsDaily's Matt Liebowitz.
Thus far, the researchers report, the malware has only been found in unofficial Chinese Android market, not on Google Play.