A variant of the SpyEye trojan dubbed SpitMo can steal bank account details and redirect transaction validation SMSes from Android phones.
SpitMo, or SpyEye for mobile, injected templated fields into targeted banks' web pages requesting that customers fill in a mobile phone number and the international mobile equipment identity (IMEI) number of the device, a unique identifier for a specific phone.
Collecting the IMEI this way meant criminals no longer needed to generate a certificate and issue an updated installer to snag the IMEI number, saving them up to three days.
The latest iteration of the trojan injected a message that dupes bank customers into clicking on a phony app download.
Users who click on the installer labelled "set the application" are walked through steps that download and install the malware.
A user is then instructed to dial a number, which provides an alleged activation code to access the bank's site. In reality, that call is rerouted by the Android malware and a fake activation code is issued.
At this point, all incoming SMS messages will be intercepted and transferred to the attacker's command-and-control server.
What makes the new variant particularly meddlesome is the fact that it is unlikely to be detected as there is no visual evidence of it on the dashboard.
Users are not aware that they have been infected and that their text messages are being hijacked.
The SpyEye trojan was found by Trusteer researchers in July when it was stealing troves of personal information and bank accounts. At the time, researchers said the malware was capable of evading transaction monitoring systems that look for anomalies, and observed new variants appearing frequently.
SpitMo was first detected in April by security firm F-Secure and was this week found by Trusteer researchers to be attacking the Android mobile operating system.
While the infection rate at this point is yet to snowball into a major epidemic, Trusteer researchers are advising organisations to "act now and install a desktop browser security solution as part of a multilayered security profile."