A newly discovered piece of malware has been used by a China-linked threat group to spy on SMS traffic as it passes through the servers of telecommunications companies, FireEye reported on Thursday.
The new malware, dubbed MESSAGETAP, has been used by a Chinese threat actor tracked by FireEye as APT41. The group has been active since at least 2012 and has been involved in both espionage and financially motivated operations. The cybersecurity firm discovered MESSAGETAP earlier this year during an investigation at a mobile network operator.
FireEye described the malware as a 64-bit ELF data miner that targets Linux servers used as Short Message Service Center (SMSC) servers, which are responsible for routing SMS messages to the intended recipient. Once it infects a server, the malware can monitor all network connections in an effort to identify and extract SMS messages. MESSAGETAP can intercept not only the content of SMS messages, but also IMSI numbers and the phone numbers of both the sender and the recipient.