Posted by: Robert Westervelt
man in the mobile, MITMO, SpyEye
SMS-stealing Trojan poses as banking protection but once installed it can intercept text messages, sending them to the attacker’s command and control server.
A new banking Trojan from cybercriminals brandishing the SpyEye toolkit targets users of Android smartphones, tricking victims into installing a malicious application that steals text messages.
Called SPITMO, the Trojan was first discovered targeting Android phones in July by security researchers at Boston-based Trusteer Inc. It begins as a man-in-the-middle attack on a machine infected with SpyEye malware. A user that browses to the targeted bank is met with a phony message urging them to install a new application on their mobile phone to protect against SMS stealing malware. Once installed, the victim will see no sign of the malicious application running on the device.
“After the compromised user installs the Android application on his/her device, the application named ‘System’ is not visible on the device dashboard,” wrote Ayelet Heyman, a senior malware researcher at Trusteer in the company’s research blog. “It’s not a service, and it’s not listed in any current running applications. In order for a user to determine the existence of this app a bit of searching is required.”
Up until now, similar attacks have targeted BlackBerry and Symbian smartphones, Trusteer said. Security researchers are calling the technique of sniffing SMS messages a Man-in-the-mobile (Mitmo) attack. Often, the attacker requests the victim’s cell phone number and the device’s international mobile equipment identity (IMEI) number when installing the malicious application. Similar attacks were documented in 2010 targeting non-U.S. banks for two factor authentication.
Once the Trojan is installed successfully on the victim’s device, all incoming SMS messages will be intercepted and send to the attacker’s command and control server, Trusteer said.
The good news is, according to Trusteer, that the attack has yet to gain momentum. Security software that protects against man-in-the-middle attacks will help protect against the attack.