Chinese Cyberspies Use New Malware to Intercept SMS Traffic at Mobile Operators

silversurfer

A newly discovered piece of malware has been used by a China-linked threat group to spy on SMS traffic as it passes through the servers of telecommunications companies, FireEye reported on Thursday.

The new malware, dubbed MESSAGETAP, has been used by a Chinese threat actor tracked by FireEye as APT41. The group has been active since at least 2012 and it has been involved in both espionage and financially-motivated operations. MESSAGETAP was discovered earlier this year by the cybersecurity firm during an investigation at a mobile network operator.

FireEye described the malware as a 64-bit ELF data miner that targets Linux servers used as Short Message Service Center (SMSC) servers, which are responsible for routing SMS messages to the intended recipient. Once it infects a server, the malware can monitor all network connections in an effort to identify and extract SMS messages. MESSAGETAP can intercept not only the content of SMS messages, but also IMSI numbers and the phone numbers of both the sender and the recipient.
 

[correlate]

Chinese hackers deployed a new cyber-espionage tool on Linux servers belonging to a telecommunications network provider to steal SMS message content for specific recipients.
The threat actor's activity on the compromised machines extended to stealing call records from individuals of interest to intelligence services in China.
The campaign is attributed to APT41, a state-sponsored group of advanced hackers running espionage activity on behalf of the Chinese government. The activity of this group traces back to 2012.
 

DeepWeb

Wow... wonderful news. I was just thinking about how RCS, which is supposed to replace SMS, is hosted on unencrypted servers and is sending data unencrypted. Android users have no safe encrypted alternative in the US. WhatsApp is popular everywhere else but not here.
 
