Controlling Android / Zitmo by SMS commands
A new sample of Zitmo is out, pretending to be an Android Security Suite. Like other Zitmo samples, the malware is an SMS spy: it forwards incoming SMS messages to a remote server. This particular sample responds to a few basic SMS commands, which we have reversed.
In the following video, we show one of these commands in action: an SMS whose body is "/" followed by a phone number sets up a new phone number for the spy. After that, all future incoming SMS messages are also forwarded to that phone number.
Video: http://www.youtube.com/embed/DCh6OJhMChw
For more information, we have written a detailed description of the malware.
– the Crypto Girl
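For triage of a suspect handset, the behaviour described above can be looked for in an exported SMS log. This is an added example, not part of the original post or of the malware analysis: the log fields, the exact command pattern, the shape of a forwarded copy and all sample messages are assumptions constructed for illustration.

```python
import re

# Assumed command shape: "/" then a phone number. The post does not give the
# separator or the number format, so this pattern is a guess to be tuned.
SET_NUMBER = re.compile(r"^/\s*(\+?\d{6,15})\s*$")

# Constructed sample export (hypothetical fields: ts, direction, peer, body).
SAMPLE_LOG = [
    {"ts": 1000, "direction": "in", "peer": "+15550100", "body": "Lunch at noon?"},
    {"ts": 1100, "direction": "in", "peer": "+15550111", "body": "/ +15550199"},
    {"ts": 1200, "direction": "in", "peer": "BANK", "body": "Your code is 482913"},
    {"ts": 1203, "direction": "out", "peer": "+15550199",
     "body": "BANK: Your code is 482913"},
    {"ts": 1300, "direction": "out", "peer": "+15550100", "body": "Sure, see you"},
    # Benign message that starts with "/" but is not a command.
    {"ts": 1400, "direction": "in", "peer": "+15550122", "body": "/tmp is full"},
]

def find_forwarding(log, window=60):
    """Flag inbound set-number commands and count outbound copies that follow."""
    msgs = sorted(log, key=lambda m: m["ts"])
    findings = []
    for i, cmd in enumerate(msgs):
        hit = SET_NUMBER.match(cmd["body"]) if cmd["direction"] == "in" else None
        if not hit:
            continue
        target, later = hit.group(1), msgs[i + 1:]
        inbound = [m for m in later if m["direction"] == "in" and m["body"]]
        # Assumption: a forwarded copy is an outbound SMS to the configured
        # number that contains the body of an inbound SMS received just before.
        copies = [
            out for out in later
            if out["direction"] == "out" and out["peer"] == target
            and any(0 <= out["ts"] - m["ts"] <= window and m["body"] in out["body"]
                    for m in inbound)
        ]
        findings.append({"command_ts": cmd["ts"], "sender": cmd["peer"],
                         "target": target, "copies": len(copies)})
    return findings

if __name__ == "__main__":
    for f in find_forwarding(SAMPLE_LOG):
        state = "forwarding observed" if f["copies"] else "command only"
        print(f"{f['command_ts']}: {f['sender']} set {f['target']} ({state})")
```

A finding with zero copies still deserves attention: it shows that someone sent the handset a command-shaped message, even if no forwarded traffic was recorded afterwards.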