A new Android malware is using SMTP to send the data it steals to its masters.
In general, there’s nothing out of the ordinary about this malware, said researchers from F-Secure. It poses as “Google Service” to remain undetected, and it makes sure it stays persistent by asking the user to activate device administrator.
Once installed, it starts collecting information such as phone number, sent and received SMS messages and recorded audio.
The harvested information ends up added to an email and sent via SMTP servers such as smtp.gmail.com, smtp.163.com and smtp.126.com back to the cybercriminals.
F-Secure researchers said they believe Chinese developers created the Trojan, detected as Trojan:Android/SMSAgent.C.
Researchers first found the threat one month ago on alternative Android app markets and other precarious websites. Currently, it’s still out there on the loose.