Malware spread via SMS, collected personally identifiable information

Aug 12, 2014 13:03 GMT

The author of the SMS worm for Android that infected no fewer than 500,000 devices in just six hours was caught less than a day after the first malware infection was detected.

The police in Shenzhen arrested a 19-year-old who is allegedly the creator of the worm, dubbed “Heart App” by security researchers at Sophos.

According to them, the young man, identified only as “Li” because of the ongoing investigation, is a software engineering student. There are no details on the student's motivation for writing the malware, but the fact that its main functionality seemed to be harvesting personal user details is enough of a clue as to the reason.

While visiting some friends in Shenzhen, he released the malware into the wild, but just 17 hours after the first detection, the police managed to catch him.

Malware researchers observed that Heart App, released on Chinese Valentine’s Day, had two components, one (XXshenqi.apk) for collecting personally identifiable information, and the other (Trogoogle.apk) for reading messages and sending their content to the malware author, either by using SMS or email.

Researchers at Sophos say that the first package covers its tracks by displaying a splash screen immediately after it is run; this is done to hide activity in the background, which consists of distributing itself via SMS to the first 99 entries in the contact list.

It seems that Li’s coding skills are pretty good, but he needs to work on evasion techniques.