updated 4/6/2012 1:20:12 PM ET 2012-04-06T17:20:12

Researchers have found yet another piece of invasive malware built to steal texts, intercept phone calls and generally wreak havoc on Android phones.

Dubbed "TigerBot," the malware can also upload the phone's GPS location, reboot the phone, capture images, change the network setting, send texts and kill running processes, NQ Mobile reported  on its blog.

Working with researchers at North Carolina State University, NQ Mobile discovered that TigerBot differs from the hordes of Android-specific threats in the way it receives its devious instructions.

[How to Detect Malicious Android Apps Before They Infect Your Smartphone or Tablet]

"In order to receive remote commands, it registers a receiver with a high priority to listen to the intent with action 'android.provider.Telephony.SMS_RECEIVED.'" NQ Mobile wrote. "As a result, it can receive and intercept incoming SMS messages before others with lower priorities."

When the phone receives a new text message, TigerBot scans it to see if it's a malicious command. "If so, it will prevent this message from being seen by the users and then execute the command accordingly," NQ Mobile explained.

To remain undetected, TigerBot poses as an app from a legitimate company like Google or Adobe, and once downloaded, it displays no icon on the victim's home screen.

There are hundreds of millions of Android customers who could fall prey to TigerBot, but  so far the malware has been spotted only in unauthorized third-party Android app stores, not in Google's official Google Play market. This is also the case with the new variant of Legacy Native (LeNa) Android malware, which steals confidential phone information without any interaction on the victims' part.

Stay safe from fraudulent smartphone apps  by reviewing an app's ratings, customer reviews and permissions before you download it. Monitor your phone for unusual behavior that may indicate it's been infected, and regularly check your phone bill and usage statistics for any unusual activity.

© 2012 SecurityNewsDaily. All rights reserved


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments