New Android malware that is tied to more than 60 mobile botnet campaigns has been stealthily emailing personal SMS messages to a remote server, according to FireEye security researchers.
The mobile spyware, called MisoSMS, has infected hundreds of users and is tied to command-and-control infrastructure hosted in China, according to researchers at FireEye, who worked with law enforcement to disrupt portions of the operation. FireEye called the Android threat one of the largest, most advanced mobile botnets to date, comprising more than 450 unique malicious email accounts.
The attackers used an old-school method of retrieving stolen data, leveraging free or hijacked webmail accounts as part of the botnet command-and-control infrastructure. The attacks have primarily affected Android smartphone owners in Korea, FireEye said. But similar attack campaigns can be copied and used against Android owners in other countries, including the U.S.
"We are working with Korean law enforcement and the Chinese webmail vendor to mitigate this threat," FireEye said in its analysis of the threat. "This threat highlights the need for greater cross-country and cross-organizational efforts to take down large malicious campaigns."
Android malware accounts for more than 90 percent of the threats targeting smartphones and tablet devices, according to security vendors. Much of the attention is focused on SMS Trojans designed to rack up premium-rate charges on a victim's bill.
And mobile malware is slowly getting more sophisticated, say security experts. The latest SMS Trojan variant enables an attacker to make phone calls without user intervention, according to San Francisco-based mobile security vendor Lookout. The company said Mouabad malware could give cybercriminals the ability to remotely spy on conversations.
Other mobile threats include applications linked to aggressive advertising platforms that collect as much information as possible on the device owner. Symantec has been working to identify vulnerabilities in aggressive advertising libraries and recently identified hundreds of freely available mobile apps linked to advertising networks with serious flaws.
Android threats, however, are not causing businesses to restrict the use of Android devices, according to solution providers. Instead, organizations attempt to apply security controls around devices.
Many businesses have been evaluating solutions or starting with small-scale projects, said Ben Goodman, president of 4A Security, a New York-based managed security service provider. Goodman said companies want to ensure that employees are protecting their devices with a PIN code and encrypting sensitive corporate data, and that the business has a way to wipe the device if it is reported lost or stolen.
"Mobile has become a key piece of the attack surface that is getting bigger and bigger and it's making corporate networks more porous," Goodman told CRN in a recent interview. "From a compliance standpoint, there's very specific guidance regarding data protection and that has to be applied to mobile devices as well."
PUBLISHED DEC. 17, 2013