Base transceiver stations (BTSs) is equipment that is installed on cellular telephone towers.
Malware authors have using fake BTSs’ to send SMS messages that contain links to Android malware.
Michael Downs, director of telecoms security at Positive Technologies said: “The use of fake cellular telephone towers is not new, nor is it restricted to China, but detecting them is difficult so anecdotal evidence is limited.”
“The issue is that the equipment to create a fake tower is legitimately available and relatively inexpensive to purchase. For those lacking the technical prowess, ‘how to’ guides can be found online. If that’s not worrying enough, there are even ready-made solutions traded where all that’s needed is to switch it on.”
“That said, operators could do more to keep track of their radio perimeter. Analysing radio signals can help identify fake BTS and, with the use of triangulation, pinpoint the location so fake towers can be disassembled.”
The malware being spread is called Swearing, because the source code contains Chinese swear words.
It was discovered by security researchers from Tencent Security last year, but the malware is only active in China.
How it works
Cyber criminals use the fake BTS equipment to snare mobile devices in a separate mobile network, are using rogue BTS equipment to trap nearby mobile devices into a separate mobile network. A SMS is then sent as if it were from a Chinese telecom provider, like China Mobile or China Unicom.
>See also: The mobile threat landscape
Within these messages is a link to malicious malicious APK (Android application) files that users must install – common practice in China as Google Play Store is banned.
Downs advises mobile users “to regularly update the handset’s firmware, particularly when a new version is released as this will often fix vulnerabilities that criminals will look to exploit. The use of anti-virus programs could also help prevent malware inadvertently being installed on the device – although only trusted marketplaces should be used. The final weapon is good old instinct – any strange SMS messages, particularly those with links irrespective of who has sent them, should never be clicked but instead deleted straightaway.”