Android OS under attack from new trojan variant

Share this article:

A variant of the SpyEye trojan is targeting the Google Android operating system, security firm Trusteer announced on its blog on Tuesday.

The original SpyEye trojan was found by Trusteer researchers in July to be collecting personal and banking information across the globe. At the time, researchers said the malware was capable of evading transaction monitoring systems that look for anomalies, and observed new variants appearing frequently.

The newest version, dubbed SpitMo (SpyEye for mobile), was first detected in April by security firm F-Secure.

The trojan imposes templated fields on targeted banks' web pages requesting that customers fill in a cellphone number and the international mobile equipment identity (IMEI) number of the device, a unique signature for that specific phone.

Whereas before the criminals behind the scheme first had to generate a certificate and issue an updated installer to snag the IMEI number, a process that could take three days, the latest iteration of the trojan simplifies the process, injecting a message that dupes bank customers into clicking on a phony app download. However, instead of offering protection to their online banking experience by downloading an additional security measure to protect their Android phone's SMS messages from being intercepted, as touted, by clicking on the installer, labeled "set the application," users are walked through steps that download and install the malware.

A user is then instructed to dial a number, which provides an alleged activation code to access the bank's site. In reality, that call is rerouted by the Android malware and a fake activation code is issued. At this point, all incoming SMS messages will be intercepted and transferred to the attacker's command-and-control server.

What makes the new variant particularly meddlesome is the fact that it is unlikely to be detected as there is no visual evidence of it on the dashboard. Users are not aware that they have been infected and that their text messages are being hijacked.

While the infection rate at this point is yet to snowball into a major epidemic, Trusteer researchers are advising organizations to "act now and install a desktop browser security solution as part of a multilayered security profile."

Share this article:

Sign up to our newsletters

More in News

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report ...

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Superman soars above fellow superheroes as most toxic search term

A McAfee study found that searches pertaining to Superman exposed users to the most infected websites.

Black Hat talk on Tor weaknesses canceled

Black Hat organizers say legal counsel for the Software Engineering Institute and Carnegie Mellon University nixed the session.