The current information about this malware show that it can execute a range of commands including uploading the phone’s current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the phone and checking to see if they are commands for it to act. If they are, it executes the command and then prevents the message from being seen by the user.
TigerBot tries to hide itself from the user by not showing any icon on the home screen and by using legitimate sounding app names (like System) or by copying names from trusted vendors like Google or Adobe.
Based on our current analysis, it supports the following commands:
Record the sounds in the phone, including the phone calls, the surrounding sounds and etc.
Change the network setting.
Upload the current GPS location.
Capture and upload the image.
Send SMS to a particular number.
Reboot the phone.
Kill other running processes.
To avoid becoming a victim, Only download applications from trusted sources, reputable application stores, and markets, and be sure to check reviews, ratings and developer information before downloading.