Alperovitch said he and his team commandeered an existing piece of malware called Nickispy, a remote access tool emanating from China that was identified last year by anti-virus firms as a so-called Trojan Horse. The malware was disguised as aGoogle+ app that users could download. But Google quickly removed it from its Android Market app store, which meant that few users were hit.
Dmitri Alperovitch, the formerMcAfee Inc.cyber security researcher best known for identifying a widespread China-based cyber espionage operation dubbed Shady Rat, has used a previously unknown hole in smartphone browsers to plant China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google Inc.'sAndroid operating system, although he says Apple Inc.'s iPhones are equally vulnerable....
Alperovitch and his team reversed engineered the malware, he said, and took control of it. He then conducted an experiment in which malware was delivered through a classic "spear phishing" attack — in this case, a text message from what looks like a mobile phone carrier, asking the user to click on a link. Alperovitch said he exploited a so-called zero-day vulnerability in smartphone browsers to secretly install the malware. Zero-day vulnerabilities are ones that are not yet known by the manufacturers and anti-virus companies.
"The minute you go the site, it will download a real-life Chinese remote access tool to your phone," he said. "The user will not see anything. Once the app is installed, we'll be intercepting voice calls. The microphone activates the moment you start dialing."
The malware also intercepts texts and emails and tracks the phone's location, he said. In theory, it could be used to infiltrate a corporate network with which the phone connects.
There is no security software that would thwart it, he said.