We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

SpyEye hacking kit adds Android infection to bag of tricks

Intercepts text messages bank use as secondary authentication for account access

The SpyEye hacking toolkit has added an Android component that collects the text messages some banks use as an extra security precaution, a researcher said today.

"The standard SpyEye now also entices a user to download an Android app, which is actually a component that's Android-specific malware," said Amit Klein, the chief technology officer of Boston-based Trusteer, a security firm that specializes in online anti-cybercrime defenses.

The Android app poses as a security program -- ironically, one that's supposed to protect a user's text messages from being intercepted -- required to use a bank's online services from a mobile device.

Many banks now send customers a one-time code, usually a series of numbers, to their mobile phone. To access the account, a user must enter not only the traditional username and password, but also the just-received passcode.

It's that passcode that the bogus Android app intercepts and then re-transmits to a hacker-managed command-and-control (C&C) server, said Klein.

"The desktop portion of SpyEye captures the username and password," Klein noted. "But to conduct online fraud against many banks today, a bit more is needed by the cyber criminals. [The text message-intercepting] piece was what SpyEye was missing."

Users are told to download the Android malware when they browse to any targeted bank that requires the additional passcode authentication sent as a text message. Once the criminals have the customer's username and password, and a just-issued passcode, they can quickly log into the account and drain it of its funds.

Trusteer classified both the desktop and Android components as Trojan horses, a specialty of the SpyEye exploit-construction kit.

According to Klein, the SpyEye double-whammy -- the typical desktop-oriented Trojan that targets Windows and the new Android component -- is circulating in Europe and Australia, aiming to dupe customers of banks on those continents.

But Klein figures that the new malware will show up elsewhere soon. "This isn't an isolated case," he said, "so I expect it to come to other regions."

While the Android component is downloaded from one of several URLs that the desktop part of SpyEye shows victims, Klein said that a similar program has been seen on what he called "informal markets," the unofficial Android app stores that have proliferated in countries such as China.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His e-mail address is [email protected] .

See more articles by Gregg Keizer .

Read more about security in Computerworld's Security Topic Center.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia