Trend Labs documents a new Android based malware attack where the phone can pass text messages in a stealth like manner from unauthorized users as if it were a “man in the middle”.  Infected users could incur higher future bills for these hidden text messages passing through their phone systems. 

Android – Malware turns phone into a proxy relay device

QUOTE: I have seen Android malware delete and send SMS messages but this is the first time I saw an Android malware act as an SMS relay. My colleagues and I were recently able to analyze a sample of an Android malware that uses an infected device as a proxy for sending and receiving messages. Unlike most Android-specific threats we have recently seen, this one does not piggyback on legitimate Android apps. Once installed, it displays a blank window for a split second then immediately closes it.

This malware may be used for three particular reasons:

1. First, it can be used to abuse premium services. The malware author can command the backdoor to enroll the infected device in a specified premium service. The user will not have any idea that it has already been enrolled since the malware also deletes the SMS notifications for the said service.

2. Second, it can be used to spy on the targeted device. The malware author can set a specific number. Once an SMS message is received from that number, the SMS body is uploaded to its server.

3. Finally, it can be used as an SMS relay (like a proxy server for SMS messages). The malware author can send and receive SMS messages through the infected device.

The said malware is now detected as AndroidOS_CRUSEWIN.A. Trend Micro also offers protection for users of Android-based mobile devices via Trend Micro™ Mobile Security for Android.