Insecurity experts at NQ Mobile have discovered new Android malware that is controlled via SMS which can record calls and surrounding noise.
Dubbed TigerBot, the malware was found circulating in the wild via non-official Android channels.
It can hide itself on a compromised device by refusing to install an icon on the home screen, and by masking itself with a legit application name such as Flash or System.
Once active, it will register a receiver with a high priority to listen to the intent with action “android.provider.Telephony.SMS_RECEIVED.”
Writing from its bog, NQ said that when you receive a new SMS message, TigerBot will check whether the message is a specific bot command. If it is it will prevent this message from being seen by the users and then execute the command.
TigerBot can record sounds in the immediate area of the device, as well as calls themselves. It can alter network settings, report its current GPS coordinates, capture and upload images, kill other processes, and reboot the phone.
Some of the commands are not perfectly supported. The command to kill other processes may only work on early Android versions.
However, the fact that TigerBot and any variants can be controlled without the user’s knowledge marks it as a serious risk, the mobile security firm said.
NQ added that users should always reject application requests from unknown sources and closely monitor permissions requested by any software.