SMS Thief

SMS Thief disguises itself as an uninstaller app available on a third-party Chinese app store. Once the app is downloaded onto the user’s Android device, its icon is hidden from the app launcher and the app continues to run in the background, where it intercepts, copies, and forwards SMS messages from the device. The forwarded messages are made available to the hacker and the public, so the victim’s private messages sent and received on the infected device are exposed, resulting in the loss of personal information. Additionally, SMS Thief sends messages to premium numbers from the victim’s device, resulting in extra unauthorized charges for the victim while the malicious actors behind the campaign generate a profit.

Reporting

  • October 2015: Multiple new variants of SMS Thief surface. (AdaptiveMobile)
  • August 2014: SMS Thief first identified. (PCMag)

Technical Details

  • AdaptiveMobile provides a technical analysis of SMS Thief.

One example of an SMS Thief variant. Image Source: AdaptiveMobile