SMS Worm Hits Chinese Users Hard, Installs Android Backdoor

A large number of Android devices in China were infected with an SMS worm on August 2, the day the country celebrated Valentine’s Day. The creator of this piece of malware has already been identified and detained, according to reports.

Kaspersky Lab said on Wednesday that the malware made its way onto roughly 500,000 devices in just six hours after being launched, but Chinese media reported that it infected a total of over 1 million smartphones. 

According to the security firm, the threat, detected as Trojan.AndroidOS.Xshqi.a, has two components: a spreading mechanism (XXshenqi.apk) and a backdoor (Trogoogle.apk). Once it infects a device, the malware sends SMSs containing a link to all the contacts in the victim’s address book in an effort to trick them into installing the Trojan. Then, it attempts to get users to install Trogoogle.apk, detected by Kaspersky as Backdoor.AndroidOS.Trogle.a.

The backdoor has numerous functions. It asks users to register the app, a process during which it instructs them to hand over personal information, and it enables the attackers to send various commands to the infected device. Its masters can create and send text messages, and they can also monitor the victim’s SMSs and forward them to their own servers.

“The fact that this Trojan combination appeared on the Chinese Valentine’s Day is premeditated, taking advantage of user credulity on this special day. And it uses social engineering techniques to spread as much as possible and infect more devices. This Trojan is a good example of why it’s always worth thinking twice about trusting a link received on your mobile phone,” Kaspersky researcher Vigi Zhang wrote in a blog post.

According to Chinese media, authorities have already tracked down the individual responsible for creating the Trojan. His name is Li and he studies software engineering.

The 19-year-old college student admitted creating the malware, but claimed that he only did it for fun and to show off his skills. He didn’t realize that it would spread so quickly, he told police. Li was detained in the city of Shenzhen while visiting his parents.

“I deeply regret what I have done to the phone users who were affected by the virus,” Li said, cited by the Shenzhen Daily.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
