Android Malware goes SMTP

Just when we start thinking that there is nothing new under the Android malware sun, we get a small but quite interesting surprise: Android malware that connects to SMTP servers to send an email.

Other than the SMTP usage, the malware is pretty vanilla. Upon installation, the application asks the user to activate device administrator so that it can stay persistent on the mobile device. The threat does not add any significant icon to the application menu; the user would need to check the Application Manager to find out that there is an app masquerading as “Google Service”.


After installation, the application collects sensitive user information such as the phone number, incoming and outgoing SMS, and recorded audio, and sends it to an email address. Then it makes use of SMTP servers, particularly, and to send the stolen data. I smell something very China-ish here…


Below is a screenshot of the threat’s attempt to connect to an SMTP server:

smtp (161k image)

This threat is usually downloaded from third-party Android markets or malicious websites. We first saw this malware family a month ago, and it has been active since. We’re already detecting this threat as Trojan:Android/SMSAgent.C.
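The installation traits described above (a Google-branded label, a device-administrator request, no launcher icon, and access to SMS and audio combined with network access) can be checked statically in an APK's decoded AndroidManifest.xml. The Python below is an added example, not code from the original post or from the vendor's detection; the function name, finding names, permission mapping and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.android.com/apk/res/android"
A = "{" + NS + "}"  # ElementTree prefix for android:* attributes
# Assumed mapping of the data the post lists (SMS, audio, phone number) to permissions.
SPY_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.RECORD_AUDIO", "android.permission.READ_PHONE_STATE"}

def triage_manifest(xml_text):
    """Return heuristic findings for a decoded AndroidManifest.xml (text form)."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return []
    findings, pkg = [], root.get("package", "")
    # Literal labels only; an @string/ reference would need resolving first.
    label = app.get(A + "label", "").lower()
    if "google" in label and not pkg.startswith(("com.google.", "com.android.")):
        findings.append("label-impersonates-google")
    # A receiver guarded by BIND_DEVICE_ADMIN lets the app request device administrator.
    if any(r.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
           for r in app.iter("receiver")):
        findings.append("requests-device-admin")
    # No LAUNCHER category means no icon in the application menu.
    if not any(c.get(A + "name") == "android.intent.category.LAUNCHER"
               for c in app.iter("category")):
        findings.append("no-launcher-icon")
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    if "android.permission.INTERNET" in perms and len(perms & SPY_PERMS) >= 2:
        findings.append("sensitive-data-plus-network")
    return findings

# Constructed sample manifests (not taken from the real malware).
SUSPECT = f"""<manifest xmlns:android="{NS}" package="com.example.svc">
 <uses-permission android:name="android.permission.INTERNET"/>
 <uses-permission android:name="android.permission.RECEIVE_SMS"/>
 <uses-permission android:name="android.permission.RECORD_AUDIO"/>
 <application android:label="Google Service">
  <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
 </application></manifest>"""
BENIGN = f"""<manifest xmlns:android="{NS}" package="com.example.notes">
 <uses-permission android:name="android.permission.INTERNET"/>
 <application android:label="Notes"><activity android:name=".Main"><intent-filter>
  <action android:name="android.intent.action.MAIN"/>
  <category android:name="android.intent.category.LAUNCHER"/>
 </intent-filter></activity></application></manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SUSPECT), triage_manifest(BENIGN))
```

Each finding on its own also occurs in legitimate apps, so the combination is what makes a package worth a closer look.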


Post by — Swee Lai

On 22/08/13 At 07:12 AM
