Chinese State-Backed Hackers Are Developing SMS-Stealing Malware

The group is known for hacking across several industries.
Chris Young

APT41, a Chinese state-backed hacking group, has developed a new kind of malware that allows hackers to steal SMS messages from telecom networks.

The news comes thanks to research by cybersecurity company FireEye, which has tracked the group, known for state-backed espionage operations against other world powers.


Spying on SMS

The malware in question is called 'MESSAGETAP' and was discovered on a Short Message Service Center (SMSC) server, The Next Web reports. The server was being used by a telecom company to route SMS messages between subscribers.

MESSAGETAP not only allows the messages to be read, but it can also track personal information about the senders and recipients, such as mobile subscriber identity numbers, and data from call detail record (CDR) databases.

The malware focuses on keywords related to topics of geopolitical interest, the research from FireEye explains.

While the cybersecurity firm didn't specify who has been targeted by the malware, it said that four telecom operators were hacked by MESSAGETAP this year.

Not only that, "four additional telecommunications entities were targeted in 2019 by separate threat groups with suspected Chinese state-sponsored associations," FireEye said.

“The use of MESSAGETAP and targeting of sensitive text messages and call detail records at scale is representative of the evolving nature of Chinese cyber espionage campaigns.”


Who is APT41?

Also known as Barium, APT41 is a group of hackers thought to juggle their state-backed work with moonlighting for personal gain. In their own time, they have deployed ransomware against gaming companies and hacked virtual currency providers.

The latest attack highlights the importance of opting for an encrypted messaging service like Signal or WhatsApp.

As the FireEye researchers put it, this problem won't be going away anytime soon, whether the actor is APT41 or another group.

“The threat to organizations that operate at critical information junctures will only increase as the incentives for determined nation-state actors to obtain data that directly support key geopolitical interests remains,” the FireEye researchers said.
