A large number of Android devices in China were infected with an SMS worm on August 2, the day the country celebrated Valentine’s Day. The creator of this piece of malware has already been identified and detained, according to reports.
Kaspersky Lab said on Wednesday that the malware made its way onto roughly 500,000 devices in just six hours after being launched, but Chinese media reported that it infected a total of over 1 million smartphones.
According to the security firm, the threat, detected as Trojan.AndroidOS.Xshqi.a, has two components: a spreading mechanism (XXshenqi.apk) and a backdoor (Trogoogle.apk). Once it infects a device, the malware sends SMSs containing a link to all the contacts in the victim’s address book in an effort to trick them into installing the Trojan. Then, it attempts to get users to install Trogoogle.apk, detected by Kaspersky as Backdoor.AndroidOS.Trogle.a.
The backdoor has numerous functions. It asks users to register the app, a process during which it instructs them to hand over personal information, and it enables the attackers to send various commands to the infected device. Its operators can create and send text messages, and they can also monitor the victim’s SMSs and forward them to their own servers.
“The fact that this Trojan combination appeared on the Chinese Valentine’s Day is premeditated, taking advantage of user credulity on this special day. And it uses social engineering techniques to spread as much as possible and infect more devices. This Trojan is a good example of why it’s always worth thinking twice about trusting a link received on your mobile phone,” Kaspersky researcher Vigi Zhang wrote in a blog post.
According to Chinese media, authorities have already tracked down the individual responsible for creating the Trojan. His name is Li and he studies software engineering.
The 19-year-old college student admitted creating the malware, but claimed that he only did it for fun and to show off his skills. He didn’t realize that it would spread so quickly, he told police. Li was detained in the city of Shenzhen while visiting his parents.
“I deeply regret what I have done to the phone users who were affected by the virus,” Li said, cited by the Shenzhen Daily.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
