Level 63
Content Creator
Malware Hunter
A newly discovered piece of malware has been used by a China-linked threat group to spy on SMS traffic as it passes through the servers of telecommunications companies, FireEye reported on Thursday.

The new malware, dubbed MESSAGETAP, has been used by a Chinese threat actor tracked by FireEye as APT41. The group has been active since at least 2012 and it has been involved in both espionage and financially-motivated operations. MESSAGETAP was discovered earlier this year by the cybersecurity firm during an investigation at a mobile network operator.

FireEye described the malware as a 64-bit ELF data miner that targets Linux servers used as Short Message Service Center (SMSC) servers, which are responsible for routing SMS messages to the intended recipient. Once it infects a server, the malware can monitor all network connections in an effort to identify and extract SMS messages. MESSAGETAP can intercept not only the content of SMS messages, but also IMSI numbers and the phone numbers of both the sender and the recipient.


Level 14
Chinese hackers deployed a new cyber-espionage tool on Linux servers belonging to a telecommunications network provider to steal SMS message content for specific recipients.
The threat actor's activity on the compromised machines extended to stealing call records from individuals of interest to intelligence services in China.
The campaign is attributed to APT41, a state-sponsored group of advanced hackers running espionage activity on behave of the Chinese government. The activity of this group traces back to 2012.


Level 25
Wow... wonderful news. I was just thinking about how RCS which is supposed to replace SMS is hosted on unencrypted servers and is sending data unencrypted. Android users have no safe encrypted alternative in the US. Whatsapp is popular everywhere else but not here.