A new malware attack scheme in China uses fake base transceiver stations (BTS), which are usually found on cellular telephone towers, to send spoofed text messages that contain links to Android malware.

The attacks spread an Android malware string called Swearing, coined from its source code that contains several Chinese curse words. It was discovered by security researchers from Tencent Security and is only contaminating in China.

Like Us on Facebook

Malware authors of Swearing deploy its malware in a rather unique and discreet mode by utilizing rogue BTS equipment to trap nearby smartphones into a separate mobile network. From here, they forward SMS messages to the victim, tricked to appear like they were sent by the mobile providers.

The messages contain links to malicious APK files that users are asked to install. And locals are used to installing APKs from untrusted sources as Google Play Store is blocked from China.

Such APKs contain Swearing Trojan that is believed to be an all-around threat. The malware could reportedly gather personal user data from infected device, show scam messages that require login information, and intercept SMS messages to bypass two-factor authentication systems and other one-time code systems typically employed by banks.

But aside from sending merely SMS messages, Tencent said that authors of the Swearing gang also use other themes such as links of photos and videos of a cheating spouse or recent trending events. The attacks have been common on users from China Mobile and China Unicom.

Meanwhile, Check Point recently reported of a slightly modified version of the Swearing malware called the HummingBird. It initially began on China's mobile malware market and spread to attack global targets.

Both Swearing and HummingBird are expected to spread on other nations, particularly because of the efficiency of using BTS equipment to entrap and lure users to install the malware payload.