September 13, 2011

Android OS under attack from new trojan variant

A variant of the SpyEye trojan is targeting the Google Android operating system, security firm Trusteer announced on its blog on Tuesday.

The original SpyEye trojan was found by Trusteer researchers in July to be collecting personal and banking information across the globe. At the time, researchers said the malware was capable of evading transaction monitoring systems that look for anomalies, and observed new variants appearing frequently.

The newest version, dubbed SpitMo (SpyEye for mobile), was first detected in April by security firm F-Secure.

The trojan imposes templated fields on targeted banks' web pages requesting that customers fill in a cellphone number and the international mobile equipment identity (IMEI) number of the device, a unique signature for that specific phone.

Whereas before the criminals behind the scheme first had to generate a certificate and issue an updated installer to snag the IMEI number, a process that could take three days, the latest iteration of the trojan simplifies the process, injecting a message that dupes bank customers into clicking on a phony app download. However, instead of offering protection to their online banking experience by downloading an additional security measure to protect their Android phone's SMS messages from being intercepted, as touted, by clicking on the installer, labeled "set the application," users are walked through steps that download and install the malware.

A user is then instructed to dial a number, which provides an alleged activation code to access the bank's site. In reality, that call is rerouted by the Android malware and a fake activation code is issued. At this point, all incoming SMS messages will be intercepted and transferred to the attacker's command-and-control server.

What makes the new variant particularly meddlesome is the fact that it is unlikely to be detected as there is no visual evidence of it on the dashboard. Users are not aware that they have been infected and that their text messages are being hijacked.

While the infection rate at this point is yet to snowball into a major epidemic, Trusteer researchers are advising organizations to "act now and install a desktop browser security solution as part of a multilayered security profile."

Related Articles
Related Topics
Related Links

More in News

Operators again revive Pushdo botnet, use a popular tactic to stay hidden

Operators again revive Pushdo botnet, use a popular ...

Botnet operators are using a domain-generation algorithm to conceal their command-and-control center. And once they knew security researchers were on to their tricks, they got even slicker.

Mac spyware discovered on Angolan dissident's computer at Oslo Freedom Forum

Mac spyware discovered on Angolan dissident's computer at ...

Security researchers are studying an apparent new strain of Mac malware that turned up on the computer of a participant at the just-concluded Oslo Freedom Forum, an annual human rights ...

Judge in London sentences LulzSec members

Judge in London sentences LulzSec members

The sentences range from 20 to 32 months, with none of the defendants likely to serve the full time. There has been no formal request to extradite the U.K. men ...