Android OS under attack from new trojan variant

Share this article:

A variant of the SpyEye trojan is targeting the Google Android operating system, security firm Trusteer announced on its blog on Tuesday.

The original SpyEye trojan was found by Trusteer researchers in July to be collecting personal and banking information across the globe. At the time, researchers said the malware was capable of evading transaction monitoring systems that look for anomalies, and observed new variants appearing frequently.

The newest version, dubbed SpitMo (SpyEye for mobile), was first detected in April by security firm F-Secure.

The trojan imposes templated fields on targeted banks' web pages requesting that customers fill in a cellphone number and the international mobile equipment identity (IMEI) number of the device, a unique signature for that specific phone.

Whereas before the criminals behind the scheme first had to generate a certificate and issue an updated installer to snag the IMEI number, a process that could take three days, the latest iteration of the trojan simplifies the process, injecting a message that dupes bank customers into clicking on a phony app download. However, instead of offering protection to their online banking experience by downloading an additional security measure to protect their Android phone's SMS messages from being intercepted, as touted, by clicking on the installer, labeled "set the application," users are walked through steps that download and install the malware.

A user is then instructed to dial a number, which provides an alleged activation code to access the bank's site. In reality, that call is rerouted by the Android malware and a fake activation code is issued. At this point, all incoming SMS messages will be intercepted and transferred to the attacker's command-and-control server.

What makes the new variant particularly meddlesome is the fact that it is unlikely to be detected as there is no visual evidence of it on the dashboard. Users are not aware that they have been infected and that their text messages are being hijacked.

While the infection rate at this point is yet to snowball into a major epidemic, Trusteer researchers are advising organizations to "act now and install a desktop browser security solution as part of a multilayered security profile."

Share this article:

Sign up to our newsletters

More in News

Pentagon to triple its security workforce by 2016

Pentagon to triple its security workforce by 2016

Defense Secretary Chuck Hagel recently announced the recruitment efforts during a speech in Fort Meade, Md.

Tech manufacturer's online payment system breached

LaCie confirmed an unauthorized party used malware to access its online payment system for almost a year and could have stolen customer information.

The Heartbleed bug works, and could be a scapegoat for older breaches

The Heartbleed bug works, and could be a ...

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached ...