Android OS under attack from new trojan variant

Share this article:

A variant of the SpyEye trojan is targeting the Google Android operating system, security firm Trusteer announced on its blog on Tuesday.

The original SpyEye trojan was found by Trusteer researchers in July to be collecting personal and banking information across the globe. At the time, researchers said the malware was capable of evading transaction monitoring systems that look for anomalies, and observed new variants appearing frequently.

The newest version, dubbed SpitMo (SpyEye for mobile), was first detected in April by security firm F-Secure.

The trojan imposes templated fields on targeted banks' web pages requesting that customers fill in a cellphone number and the international mobile equipment identity (IMEI) number of the device, a unique signature for that specific phone.

Whereas before the criminals behind the scheme first had to generate a certificate and issue an updated installer to snag the IMEI number, a process that could take three days, the latest iteration of the trojan simplifies the process, injecting a message that dupes bank customers into clicking on a phony app download. However, instead of offering protection to their online banking experience by downloading an additional security measure to protect their Android phone's SMS messages from being intercepted, as touted, by clicking on the installer, labeled "set the application," users are walked through steps that download and install the malware.

A user is then instructed to dial a number, which provides an alleged activation code to access the bank's site. In reality, that call is rerouted by the Android malware and a fake activation code is issued. At this point, all incoming SMS messages will be intercepted and transferred to the attacker's command-and-control server.

What makes the new variant particularly meddlesome is the fact that it is unlikely to be detected as there is no visual evidence of it on the dashboard. Users are not aware that they have been infected and that their text messages are being hijacked.

While the infection rate at this point is yet to snowball into a major epidemic, Trusteer researchers are advising organizations to "act now and install a desktop browser security solution as part of a multilayered security profile."

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.