Security Bytes

Sep 13 2011   3:41PM GMT

SpyEye attackers turn to Android phones to steal SMS messages

Robert Westervelt


The SMS-stealing Trojan poses as banking protection, but once installed it can intercept text messages and send them to the attacker’s command-and-control server.

A new banking Trojan from cybercriminals brandishing the SpyEye toolkit targets users of Android smartphones, tricking victims into installing a malicious application that steals text messages.

Called SPITMO, the Trojan was first discovered targeting Android phones in July by security researchers at Boston-based Trusteer Inc. It begins as a man-in-the-middle attack on a machine infected with SpyEye malware. A user who browses to the targeted bank is met with a phony message urging them to install a new application on their mobile phone to protect against SMS-stealing malware. Once installed, the victim will see no sign of the malicious application running on the device.

“After the compromised user installs the Android application on his/her device, the application named ‘System’ is not visible on the device dashboard,” wrote Ayelet Heyman, a senior malware researcher at Trusteer in the company’s research blog. “It’s not a service, and it’s not listed in any current running applications. In order for a user to determine the existence of this app a bit of searching is required.”

Up until now, similar attacks have targeted BlackBerry and Symbian smartphones, Trusteer said. Security researchers are calling the technique of sniffing SMS messages a man-in-the-mobile (Mitmo) attack. Often, the attacker requests the victim’s cell phone number and the device’s international mobile equipment identity (IMEI) number when installing the malicious application. Similar attacks were documented in 2010 targeting non-U.S. banks for two-factor authentication.

Once the Trojan is installed successfully on the victim’s device, all incoming SMS messages will be intercepted and sent to the attacker’s command-and-control server, Trusteer said.

The good news is, according to Trusteer, that the attack has yet to gain momentum. Security software that protects against man-in-the-middle attacks will help protect against the attack.
