Site news

SMS Stealing Library Found in 18,000 Android Applications

SMS Stealing Library Found in 18,000 Android Applications

by Yaakub Idris -
Number of replies: 0

In summary,

  1. The offending library was found to request permissions access for both network and SMS.
  2. It register receiver name com.zdtpay.Rf2b for SMS_RECEIVED and BOOT_COMPLETED.
    • The receiver Rf2b reads messages as soon as they arrive and collects both the message body and the sender.
    • A part of the SMS stealing functionality has been found inside applications that contain the embedded URL hxxp://112.126.69.51/2c.php, which represents the address to which the stolen messages are uploaded.

Read more...