Chinese Hackers Using BTS to Spread a Malicious Banking Trojan: Swearing Trojan- Chinese Hackers seem to have gone beyond the Smishing attack. They are now plotting Android banking malware using spoofed SMS message and they are using the rogue cell phone towers to accomplish this. According to the security researchers at Check Point Software Technologies, the Chinese hackers have created virtual and fake base transceiver stations or BTS. They are using them to transfer “Swearing Trojan” which is an Android banking malware. It seemed before that this Trojan became inactive after police managed to arrest its authors in a raid.

Chinese Hackers Using BTS to Spread a Malicious Banking Trojan: Swearing Trojan

Chinese Hackers Using BTS to Spread a Malicious Banking Trojan: Swearing Trojan

This is a unique case of hacking as hackers have never used BTS for spreading malicious applications such as Trojans. In case you are not aware of BTS, it is an equipment that is fitted into mobile towers. The users are made to mislead that the SMS has been sent by some genuine Chinese operator such as China Unicom or China Mobile.  The text of the SMS has been made to look like a normal SMS. The text comes with a download link that installs this Trojan via malicious APK file.

The fact that Google Play Store is blocked in China helped the hackers

Hackers have also utilized the fact that Google Play Store is blocked in China. Thus, users do not have any problem in downloading this APK file from an unknown source other than Google Play Store. This Trojan is particular more threatening because it starts to send this same malicious SMS to all the contacts in the phone, thus distributing the Trojan further. The use of BTS makes it very easy for the hackers to convince users into downloading the APK file.

This malicious Trojan came to light last year after police arrested the culprits as part of the police raid. It was reported by Tencent Security researchers. The Trojan brings the biggest threat of stealing Bank information including your account numbers, credit card number and most importantly the passwords that we enter. Thus, your privacy is at huge risk once this hits your mobile.

The most interesting thing about the new generation Malware is that it is very difficult to detect. The Trojan does not connect to any remote command-and-control (C&C) server, unlike most Trojans. Instead of a server, it relies on sending information back via SMS. Thus, even the most sophisticated Antimalware find it very hard to detect.

The Swearing Trojan can soon affect the mobiles all over the world

Check Point Researchers have another bad news for all the mobile users. The distribution of this malware is limited to China currently but Check Point reports that it will soon start to affect all the mobiles around the world, especially in the western countries.

This Trojan has always been a major threat. However, no one expected it to grow to such as extent. This is the first Trojan that has been sent via email. Hackers have given very little to suspect about the download. They used the official emails via reputed email service providers. Some of the main names are, and,, and Alibaba Cloud and other cloud service hosted email accounts. We cannot take it for granted at all as we did with another Malware HummingBad. That has started from China and gradually spread to the whole world.


Next Article: 5 Quick Tips to Spot Scam Messages on WhatsApp

How To Protect Your PC From Ransomware

Leave a Reply