Most criminal Android malware currently steals from smartphone owners by sending text messages to premium rate numbers. This kind of theft doesn’t usually inflict major financial hardship, and once it is discovered many people are able to get the money refunded after having the malware removed from the phone.
A Kaspersky Lab analyst has recently discovered an Android Trojan that is designed to execute remote commands from hackers. Rather than sending premium SMS automatically, it steals all incoming and outgoing texts, call logs, network IDs, and other data. The cybercriminal then remotely commands the infected phone to send random SMS and to set up filters on messages and incoming calls affecting specific phone numbers. This is all to provide the thief with information on whether the phone is attached to a banking service. Once that is determined, their next step is to attempt to transfer your money.
The tests were done in Russia; the hacker would attempt to check whether a phone is connected to a popular bank in Russia and then, pretending to be the phone owner, withdraw money using the phone number. In this case the daily limit for the withdrawal is $100 and a confirmation is required, but with control of your phone the criminal has all they need to confirm the transfer and keep the strange messages from the bank out of sight. If this goes on for some time, they will have the opportunity to take a serious chunk out of your bank account.
While currently known only in Russia, the Trojan will likely be resold quickly to other cybercriminals, affecting many other countries. The Trojan will prove effective in any country where SMS is relied on for issuing bank payments. To help spread the Trojan, redirects from legitimate websites will likely be employed, most likely presented as a “Flash player update” or something similar.
Rules to live by to help protect the security of your Android Smartphone:
- Turn off “Allow installation from unknown sources” in your security settings. You may really want that app, but is it worth the security risk?
- When installing that new app, don’t just click install without reading the permissions the app is requesting. If they don’t make sense, don’t install it. There are generally plenty of alternatives to the first app you find; if you have concerns about the amount of permission being requested, pick an alternative.
- Read the ratings before installing a new app as well. It’s a good idea to read the 5 stars and the 1 stars to really get a feel for what you’re installing. Sure, the 5 stars usually sound like the app creators and the 1 stars sound like that guy you know who never likes anything, but it should give you a good view of the best and the worst of the app.
- Stick to Google Play when selecting apps for your phone.