Security researchers from FireEye Labs have discovered six variants of a new Android malware dubbed "Android.HeHe", which is capable of stealing SMS messages and intercepting phone calls.
The malware is being distributed as a security update for the Android OS. Once it infects a device, it communicates with the command-and-control (C&C) server and monitors incoming SMS messages.
Phone details, including the IMEI, IMSI (International Mobile Subscriber Identity), phone number, OS version and phone model, are transferred to the C&C server.
It also checks whether the IMSI code is null to determine whether it is running in an emulator or on a real device (emulators don't have an IMSI code).
The C&C server responds to the device with a list of phone numbers. If the infected device receives an SMS or phone call from one of these numbers, the threat intercepts the message or call.
Text messages from one of these numbers are captured and stored on the attacker's server. Any phone calls from these numbers are silenced and rejected.
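For triage, the behaviours described above can be checked against what an app's manifest requests. The following is an added example, not code from FireEye or from the malware: the permission mapping, the sample manifest and the names `triage_manifest` and `com.example.osupdate` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Behaviour from the article -> permission an app must request for it.
# This mapping is an assumption of the example; the article lists no permissions.
CAPABILITIES = {
    "contact a remote server": "android.permission.INTERNET",
    "read IMEI/IMSI/number and call state": "android.permission.READ_PHONE_STATE",
    "receive incoming SMS": "android.permission.RECEIVE_SMS",
}

# Constructed sample: a decoded manifest for a hypothetical "update" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.osupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Android Security Update">
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(manifest_xml):
    """Report which of the article's behaviours a manifest makes possible."""
    root = ET.fromstring(manifest_xml.strip())
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    capabilities = sorted(c for c, perm in CAPABILITIES.items() if perm in requested)
    sms_receivers = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                sms_receivers.append((receiver.get(ANDROID + "name"),
                                      int(flt.get(ANDROID + "priority", "0"))))
    # Flag for manual review only when every capability is present together.
    review = len(capabilities) == len(CAPABILITIES) and bool(sms_receivers)
    return {"capabilities": capabilities, "sms_receivers": sms_receivers,
            "review": review}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A `review` result of true means only that the app could perform these behaviours; legitimate messaging and call-screening apps request the same set, so the flag is a prompt for closer analysis rather than a verdict.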