
Android targeted by SpyEye banking Trojan

Banking transactions for owners of Android phones just became more dangerous with a new iteration of the SpyEye Trojan designed to intercept two-factor authentication codes sent via SMS -- the first known version for Android.

The malware not only tries to steal authentication information banks send via SMS, it also encourages users to go out and buy an Android if they don't already have one, according to Ayelet Heyman, senior malware analyst for Trusteer, which makes software to thwart banking malware.

Customizing for Android is good for attackers because they don't have to wait three days to commandeer the SMS messages, which is the case with Symbian phones, she says.


Trusteer discovered the SpyEye variant in the wild in Spain on July 26, and Heyman wrote about it today in a blog.

The attack is carried out against customers of targeted banks that use SMS messages to send out one-time passwords as customers log in.

Attackers first compromise customers' home desktops that are used for remote banking transactions, then compromise the phones so they can intercept the one-time passwords.

Once they have infected both the desktops and phones, they attack customers' accounts by logging in using credentials stolen from the compromised laptop. When SMS messages with the one-time passwords are sent, the malware in the phones diverts the passwords to the attacker, who uses them to complete authentication to the users' accounts. Once in, the attacker can withdraw or transfer funds.

The phone compromise starts when a victim connects to a targeted bank's website via desktop. A message pops up that says a mandatory new security measure is being implemented that requires downloading a security application to an Android phone. The user is walked through how to download and install the malicious application.

Once activated, the malware picks off all SMS messages and forwards them to the attacker's command and control server.

For customers who don't have Androids, the malware offers this message: "Users who do not have cell phones that work on the Android platform will be forced to buy it. ... It's inconvenient, but it is the only way to keep their money secure."

Heyman says she thinks the next innovation will be for SpyEye to commandeer sessions initiated from cellphones rather than desktops.
