Android OS under attack from new trojan variant

Share this article:

A variant of the SpyEye trojan is targeting the Google Android operating system, security firm Trusteer announced on its blog on Tuesday.

The original SpyEye trojan was found by Trusteer researchers in July to be collecting personal and banking information across the globe. At the time, researchers said the malware was capable of evading transaction monitoring systems that look for anomalies, and observed new variants appearing frequently.

The newest version, dubbed SpitMo (SpyEye for mobile), was first detected in April by security firm F-Secure.

The trojan imposes templated fields on targeted banks' web pages requesting that customers fill in a cellphone number and the international mobile equipment identity (IMEI) number of the device, a unique signature for that specific phone.

Whereas before the criminals behind the scheme first had to generate a certificate and issue an updated installer to snag the IMEI number, a process that could take three days, the latest iteration of the trojan simplifies the process, injecting a message that dupes bank customers into clicking on a phony app download. However, instead of offering protection to their online banking experience by downloading an additional security measure to protect their Android phone's SMS messages from being intercepted, as touted, by clicking on the installer, labeled "set the application," users are walked through steps that download and install the malware.

A user is then instructed to dial a number, which provides an alleged activation code to access the bank's site. In reality, that call is rerouted by the Android malware and a fake activation code is issued. At this point, all incoming SMS messages will be intercepted and transferred to the attacker's command-and-control server.

What makes the new variant particularly meddlesome is the fact that it is unlikely to be detected as there is no visual evidence of it on the dashboard. Users are not aware that they have been infected and that their text messages are being hijacked.

While the infection rate at this point is yet to snowball into a major epidemic, Trusteer researchers are advising organizations to "act now and install a desktop browser security solution as part of a multilayered security profile."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.