Site news

SMS Stealing Library Found in 18,000 Android Applications

 
 
Picture of Yaakub Idris
SMS Stealing Library Found in 18,000 Android Applications
by Yaakub Idris - Sunday, 25 October 2015, 1:14 AM
 

In summary,

  1. The offending library was found to request permissions access for both network and SMS.
  2. It register receiver name com.zdtpay.Rf2b for SMS_RECEIVED and BOOT_COMPLETED.
    • The receiver Rf2b reads messages as soon as they arrive and collects both the message body and the sender.
    • A part of the SMS stealing functionality has been found inside applications that contain the embedded URL hxxp://112.126.69.51/2c.php, which represents the address to which the stolen messages are uploaded.

Read more...