New malware that infects Android "TigerBot" has appeared, call tapping also possible

TigerBot "for Android which can be remotely controlled by SMS has appeared. By receiving SMS command, it is extremely bad specification that you can record phone calls, GPS information, photo shoot and upload, etc. Since the icon is not displayed on the home screen, it is hard to notice even if installed, so considerable attention Is required.

Security Alert: New Android Malware - TigerBot - Identified in Alternative Markets | NQ Mobile U.S. Security Research Center


SMS-controlled Malware Hijacking Android Phones | SecurityWeek.Com


NQ MobileThe National Security Research Center is located at North Carolina State UniversityDr. Xuxian JiangIn collaboration with the team, I found TigerBot. TigerBot is already controlled by SMS (Short Message) unlike existing malware on the web. According to the investigation so far, it is known that TigerBot has a built-in payload for executing various commands.

Even if TigerBot is installed, the icon is not displayed on the home screen. Even in the list of installed applications, icons are disguised as Google search icons, etc., as their names imply "System" or "Flash", it is difficult to notice. Here is an example.


TigerBot can be remotely controlled by SMS. In order to receive the remote command, register the receiver as a high priority service "android.provider.Telephony.SMS_RECEIVED". By doing so, you can also intercept SMSs with lower priority. When TigerBot receives a new SMS, it first checks whether the message is a specific bot command. If it is a command, execute the command so as not to be seen by the user.

The following commands are listed as TigerBot executable commands.

Recording of sounds around the telephone including call voice
· Change network settings
· Upload current GPS location
· Photo shoot and upload
Send SMS to specific number
· Restart phone
· Forced termination of other running processes

However, according to the survey, it seems that not all are supported, and the command to forcibly terminate another process does not work unless it is the initial Android, and "android.intent.action.REBOOT" I will send it all alone (the example below is an example).


The fact that TigerBot can be operated remotely without being informed to the user is a serious threat to mobile users. In order not to be a victim of this malware, please follow the common sense security guidelines when using smartphones firmly.

1. Download applications from trusted sites, reputable stores and markets. In doing so, check reviews, ratings, and developer information.
2. Never accept applications from unknown sites. Also, be sure to check exactly what kind of authority you are requesting when you put the application.
3. Be careful about abnormal operation of mobile phone. Include a trusted security application that can check the application being downloaded.