Security Bytes

Jan 11 2010   2:09PM GMT

Credit union warns of phony banking Android app



Posted by: Robert Westervelt
Tags:
mobile malware
smartphone attacks

Mobile banking app tries to gain access to financial data. App removed from Android marketplace.

In what could be one of the first signs that attackers are testing smartphones as another way to gain access to sensitive information, a Beaverton, Oregon credit union is warning its customers about a rogue Android application that attempts to set up online access to bank accounts.

The Android App has been removed from the Android marketplace, according to First Tech Credit Union. Called Droid09, the application didn’t target a specific financial institution. In a message to customers, the credit union said the app was designed to appear as a shell of a typical mobile banking app, but after a person configures their account information, it then tries to gain access to the victim’s financial information.

Smartphones running more powerful processors are now capable of handling ever more sophisticated applications. Apple, Research In Motion, Palm and now Google closely monitor the applications they make available to smartphone users. All four smartphone OS makers have a strict application approval process, but some security experts say it’s unclear exactly how closely the application is scrutinized. There’s no word on how the app made it through Google’s approval process, making it into the marketplace for Android OS phones.

Graham Cluley, a security consultant with UK-based security vendor, Sophos, blogged about the rogue Android application today. Apple heavily scrutinizes the applications developed for the iPhone and has been known to reject them for a variety of reasons. Its applications are also run sandbox-like, making it more difficult for an attacker to use an application as a loophole into the phone OS itself. Cluley said the only malware that has recently emerged targeting smartphones has been the iKee worm, which targeted jailbroken iPhones – a tiny fraction of Apple’s overall user base.

The Android marketplace, however, is not as closely monitored as Apple’s equivalent, and adopts a more “anything goes” philosophy. This, combined with the current buzz around new phones running Android such as the Motorola Droid and the Google Nexus One, may make the platform more attractive to cybercriminals in future.

With Apple’s rumored iSlate announcement anticipated at the end of the month, and a slew of tablet-like devices introduced at the recent Computer Electronics Show last week, attackers may be tempted to take a look at how those devices handle applications. It’s unclear whether those devices will be an extension of the smarthphone OSes and how easy it will be to develop applications for the tablet PCs. If users will have free reign to download and install anything they like and there’s enough marketshare, it’s a safe bet that cybercriminals will see money to be made.

Other security experts believe most cell phone users won’t have to worry about mobile malware for quite some time. PandaLabs security researcher Sean-Paul Correll said the cell phone market continues to be too fragmented. And he may be right, recent statistics suggest that even with the iPhone’s success and now Google’s Android OS, their marketshare isn’t significant enough for attackers. Even Symbian phones, which carry slightly more than 50% of the worldwide market, haven’t been targeted in great numbers.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: