F-Secure researchers have come across an interesting piece of Android malware. What sets this threat apart is that it uses SMTP to send the data it steals to its masters.
Otherwise, there’s nothing out of the ordinary about this malware. It poses as “Google Service” to remain undetected, and it maintains persistence by asking the user to activate it as a device administrator.
Once it’s installed, it starts collecting information such as the phone number, sent and received SMS messages, and recorded audio.
The harvested information is added to an email and sent via SMTP servers such as smtp.gmail.com, smtp.163.com and smtp.126.com back to the cybercriminals.
F-Secure experts believe that the Trojan, detected as Trojan:Android/SMSAgent.C, has been created by Chinese developers.
The threat was first spotted around one month ago on alternative Android app markets and other shady websites. Currently, it’s still making the rounds.
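For defenders, the SMTP exfiltration described above leaves a network trace: a handset talking directly to the named mail servers. The following triage sketch is an added example, not code from F-Secure or from the malware. It assumes a constructed flow-log format, a hypothetical mobile subnet of `10.20.0.0/24`, and the standard SMTP ports 25, 465 and 587 (the article names no ports). Legitimate mail apps also use these servers, so the output is a list of devices to review, not a verdict.

```python
import ipaddress
from collections import defaultdict

# SMTP servers named in the article.
PAGE_SMTP_HOSTS = {"smtp.gmail.com", "smtp.163.com", "smtp.126.com"}
# Standard SMTP / submission ports (assumption: the article names no ports).
SMTP_PORTS = {25, 465, 587}

# Constructed sample flow records: time src_ip dst_host dst_port bytes_out
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 10.20.0.15 smtp.163.com 465 48211
2024-01-01T10:00:09Z 10.20.0.15 smtp.126.com 465 51730
2024-01-01T10:01:12Z 10.20.0.22 www.example.com 443 1200
2024-01-01T10:02:40Z 10.20.0.31 smtp.gmail.com 587 2100
2024-01-01T10:03:05Z 192.168.5.9 smtp.163.com 25 900
malformed line
2024-01-01T10:05:44Z 10.20.0.15 smtp.163.com 465 73004
"""

def smtp_candidates(log_text, mobile_net="10.20.0.0/24"):
    """Summarise SMTP flows from the mobile segment to the listed hosts."""
    net = ipaddress.ip_network(mobile_net)  # hypothetical handset subnet
    stats = defaultdict(lambda: {"hosts": set(), "flows": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _, src, host, port, nbytes = parts
        try:
            if ipaddress.ip_address(src) not in net:
                continue  # not a handset on the monitored segment
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue
        host = host.lower().rstrip(".")
        if port in SMTP_PORTS and host in PAGE_SMTP_HOSTS:
            entry = stats[src]
            entry["hosts"].add(host)
            entry["flows"] += 1
            entry["bytes_out"] += nbytes
    # Devices sending the most data over SMTP come first.
    return sorted(stats.items(), key=lambda kv: kv[1]["bytes_out"], reverse=True)

if __name__ == "__main__":
    for src, s in smtp_candidates(SAMPLE_FLOWS):
        print(src, sorted(s["hosts"]), s["flows"], s["bytes_out"])
```

A device that reaches more than one of the listed providers, or sends large volumes without a known mail client installed, is the one to examine first.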