Cyber Criminals Spread Malware by Using Fake Telecom Stations

Base Transceiver Stations (BTSs) are tools which are installed on towers of cellular phones. Creators of this malware have used fake BTSs to send SMS messages containing links to Android malware.

Michael Downs, Director of telecoms security of Positive Technologies said: "The usage of fake mobile telephone towers is old practice and it is not restricted to China but it is difficult to detect them because of unreliable evidence.

The attacks spread a series of Android malware known as Swearing, produced from its source code containing many Chinese nuisance words. Security researchers discovered it from Tencent Security and is only polluting in China.

Authors of Swearing malware install its malware in a rather unique and tactful mode with the help of rogue BTS equipment to trap close-by smartphones into a separate network of the mobile. From here, they send messages through SMS to the victim and tricked to look as if these were sent by mobile providers.

The messages consist links to malicious APK files which users are asked to install. And locals are habitual to install APKs from unreliable sources because Google Play Store is blocked in China.

Such APKs consist Swearing Trojan which is believed to be a threat all around. Telegiz.com posted on March 22nd, 2017, stating that the malware could apparently collect personal user credentials from infected device, show scam messages which need login information and interrupt SMS messages to avoid two-factor authentication systems and other one-time code systems normally used by banks.

Both HummingBird and Swearing are expected to spread on other countries, mainly due to efficiency of using BTS equipment to capture and lure users to install the malware payload.

Downs advises users of mobile: "users should update the firmware of the handset regularly, particularly when a new version is released because this will often fix vulnerabilities which criminals will try to exploit. The usage of anti-virus software could also help to prevent malware from being installed on the device inadvertently - although only reliable marketplaces should be used. The best weapon is good old sense - any strange SMS messages, particularly those having links irrespective of who has sent these, should never be clicked and should be deleted straightway.

» SPAMfighter News - 3/28/2017