As reported last week, Mark Balanza - a threat analyst with Trend Micro - noted that Nickispy eavesdrops on users and data sessions on the infected mobile device. And, because the malware does not display an icon on the infected device, it can be difficult to spot, let alone eradicate.
Now Lion Gu, a senior threat researcher with the firm, says that a Chinese website is offering mobile phone monitoring tools and services to customers, who are then given access to the back-end of the site to retrieve information.
“However, such services are not cheap and can cost from $300.00 to $540.00”, he says, adding that once a customer decides to employ the service, s/he gets an account to log into the back-end of the server, where information collated from a target device can be viewed.
The back-end service can be accessed through a portal, he asserts, where the user must first send an MMS message that includes malware as an attachment to a victim''s mobile phone number.
From there, he says, the malware - once installed on the victim''s mobile phone - will be used to monitor for information related to SMS messages, phone calls, device location, and email messages. Reports are then sent back to the back-end service, which can then be accessed by the customer through the Web portal.
One key issue, he adds in his latest security posting, is that the customer can spoof which number will be displayed as the sender of the infection-laden MMS message.
“Using a number that the victim is familiar with may convince the victim that he or she is receiving a normal MMS message, and be completely unaware that a malware was already installed in their device”, he notes.
The advertisement on the Web site offering this service, says Gu, says that the site offers the service to anyone that wants to spy on Symbian and Windows Mobile users, but he adds that if they also start offering the service to users wanting to infect Android users, it is no surprise the smartphone spying business is expanding.