New 'Spitmo' Banking Trojan Attacks Android Users
Image composite by SecurityNewsDaily
Online crooks have reworked a notoriously devious bank-account-stealing Trojan to target Android smartphone customers.
Called Spitmo (SpyEye in the mobile browser), the nasty software first infects a PC's Web browser, then rigs a targeted bank's login page with a fake security warning that "pretends to be an Android application designed to protect the phone's SMS messages from being intercepted (there's irony for you...) and will protect the user against fraud," the security firm Trusteer wrote.
Spitmo also prompts mobile customers to enter their cellphone number and their device's international mobile equipment identity (IMEI) number, which is unique to each handset.
The security firm F-Secure detected Spitmo back in March, but at the time the attack process took three days. The updated Trojan now goes to work immediately, after walking victims through the process of infecting themselves, of course.
After appealing to their need for increased online banking safety, Spitmo prompts its victims to download the fake application at www.androidseguridad.com/simseg.apk. The app, called "System," then instructs users to dial the number 325000. From here, "the call is intercepted by the Android malware and the 'alleged' activation code is presented, to be submitted later in to the 'bank's site,'" Trusteer said.
The end result: All incoming SMS messages, including authentication codes sent by banks to their mobile customers, are intercepted and sent to the cybercriminals. In the meantime, the victim has no idea, as the new app that was supposed to keep him safe from online banking threats is now operating behind the scenes and does not appear anywhere on the phone.
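The behaviors described above (SMS interception, hooking an outgoing call, and no visible icon) leave traces in an app's manifest that a defender can triage statically. The following is an added example, not code from Trusteer or from the original article: the manifest is constructed for illustration, and the mapping from the described behaviors to these standard Android permission and intent names is an assumption, since the article does not list what Spitmo actually declares.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest (already decoded to text XML); NOT the real Spitmo manifest.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="System">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".CallReceiver">
      <intent-filter>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return sorted findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    name = lambda el: el.get(ANDROID + "name")
    perms = {name(p) for p in root.iter("uses-permission")}
    # Actions that broadcast receivers register for.
    rx_actions = {name(a) for r in root.iter("receiver") for a in r.iter("action")}
    # An app with no LAUNCHER category never shows an icon to the user.
    has_launcher = any(name(c) == "android.intent.category.LAUNCHER"
                       for tag in ("activity", "activity-alias")
                       for act in root.iter(tag) for c in act.iter("category"))
    findings = []
    if ("android.permission.RECEIVE_SMS" in perms
            and "android.provider.Telephony.SMS_RECEIVED" in rx_actions):
        findings.append("sms-intercept")
        if "android.permission.INTERNET" in perms:
            findings.append("sms-exfil-capable")  # can read SMS and reach the network
    if ("android.permission.PROCESS_OUTGOING_CALLS" in perms
            and "android.intent.action.NEW_OUTGOING_CALL" in rx_actions):
        findings.append("outgoing-call-hook")
    if not has_launcher:
        findings.append("no-launcher-icon")
    return sorted(findings)
```

Each finding alone is common in legitimate apps; it is the combination in an app installed from outside an official store that merits a closer look.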
It's not clear where the gang behind Spitmo is operating from, but Trusteer's analysis of the command-and-control sites the Trojan "phones home" to showed that one domain name bounced among a dozen different IP addresses in Brazil, Russia and Albania over a three-day period in early August.
Spitmo joins an unsavory cast of Android-targeting malware, including "DroidDream" and "GingerMaster," which have been found harvesting Android users' phone numbers and device IDs and sending them to remote attack servers.
To steer clear of Spitmo, DroidDream, GingerMaster and the lot of smartphone-threatening software, exercise caution when downloading apps, and be sure to run anti-virus software on your mobile device.