SecurityWeek

SMS Worm Hits Chinese Users Hard, Installs Android Backdoor

A large number of Android devices in China were infected with an SMS worm on August 2, the day the country celebrated Valentine’s Day. The creator of this piece of malware has already been identified and detained, according to reports.

Kaspersky Lab said on Wednesday that the malware made its way onto roughly 500,000 devices in just six hours after being launched, but Chinese media reported that it infected a total of over 1 million smartphones. 

According to the security firm, the threat, detected as Trojan.AndroidOS.Xshqi.a, has two components: a spreading mechanism (XXshenqi.apk) and a backdoor (Trogoogle.apk). Once it infects a device, the malware sends SMSs containing a link to all the contacts in the victim’s address book in an effort to trick them into installing the Trojan. Then, it attempts to get users to install Trogoogle.apk, detected by Kaspersky as Backdoor.AndroidOS.Trogle.a.

The backdoor has numerous functions. It asks users to register the app, a process during which it instructs them to hand over personal information, and it enables the attackers to send various commands to the infected device. Its masters can create and send text messages, and they can also monitor the victim’s SMSs and forward them to their own servers.

“The fact that this Trojan combination appeared on the Chinese Valentine’s Day is premeditated, taking advantage of user credulity on this special day. And it uses social engineering techniques to spread as much as possible and infect more devices. This Trojan is a good example of why it’s always worth thinking twice about trusting a link received on your mobile phone,” Kaspersky researcher Vigi Zhang wrote in a blog post.

According to Chinese media, authorities have already tracked down the individual responsible for creating the Trojan. His name is Li and he studies software engineering.

The 19-year-old college student admitted creating the malware, but claimed that he only did it for fun and to show off his skills. He didn’t realize that it would spread so quickly, he told police. Li was detained in the city of Shenzhen while visiting his parents.

“I deeply regret what I have done to the phone users who were affected by the virus,” Li said, cited by the Shenzhen Daily.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
