Check Point Software blogged about Chinese hackers who have taken smishing to the next level, using a rogue cell phone tower to distribute Android banking malware via spoofed SMS messages.
Security researchers at Check Point discovered that Chinese hackers are using fake base transceiver stations (BTS towers) to distribute "Swearing Trojan," an Android banking malware.
Smishing — phishing attacks sent via SMS — is a type of attack where bad guys use spoofing to social engineer mobile users into downloading a malware app onto their smartphones or into giving out sensitive information. The maximum range of a BTS antenna is between 10 and 22 miles, so this technique is very sophisticated and successful in targeted attacks.
This is the first-ever reported real-world case in which the bad guys used a BTS — a piece of equipment usually installed on cellular telephone towers — to spread malware.
The phishing SMS, which masquerades as one coming from Chinese telecom service providers China Mobile and China Unicom, contains very convincing text with a link to download a malicious Android APK. Since the Google Play Store is blocked in China, the SMS easily tricks users into installing the APK from an untrusted source.
"Using a BTS to send fake messages is quite sophisticated, and the SMS content is very deceptive. The message tricks users into clicking a malicious URL which installs malware," Check Point said in their blog post.
Once installed, the Swearing malware distributes itself by sending automated phishing SMSes to a victim's contacts.
No Command & Control Servers
Notably, to avoid detection, the Swearing Trojan doesn't connect to a C&C server but uses SMS or email to send stolen data back to the bad guys. Check Point said: "This provides the malware with good cover for its communications and hinders attempts to trace any malicious activity."
Hackers Get Smarter By The Month Social Engineering Your Users
This is a great example of why you need to constantly train your users and keep them on their toes with security top of mind. Our module Mobile Device Security explains how users can arm themselves against attacks like this.