SpyEye hacking kit adds Android infection to bag of tricks

Intercepts text messages bank use as secondary authentication for account access

The SpyEye hacking toolkit has added an Android component that collects the text messages some banks use as an extra security precaution, a researcher said today.

"The standard SpyEye now also entices a user to download an Android app, which is actually a component that's Android-specific malware," said Amit Klein, the chief technology officer of Boston-based Trusteer, a security firm that specializes in online anti-cybercrime defenses.

The Android app poses as a security program -- ironically, one that's supposed to protect a user's text messages from being intercepted -- required to use a bank's online services from a mobile device.

Many banks now send customers a one-time code, usually a series of numbers, to their mobile phone. To access the account, a user must enter not only the traditional username and password, but also the just-received passcode.

It's that passcode that the bogus Android app intercepts and then re-transmits to a hacker-managed command-and-control (C&C) server, said Klein.

"The desktop portion of SpyEye captures the username and password," Klein noted. "But to conduct online fraud against many banks today, a bit more is needed by the cyber criminals. [The text message-intercepting] piece was what SpyEye was missing."

Users are told to download the Android malware when they browse to any targeted bank that requires the additional passcode authentication sent as a text message. Once the criminals have the customer's username and password, and a just-issued passcode, they can quickly log into the account and drain it of its funds.

Trusteer classified both the desktop and Android components as Trojan horses, a specialty of the SpyEye exploit-construction kit.

According to Klein, the SpyEye double-whammy -- the typical desktop-oriented Trojan that targets Windows and the new Android component -- is circulating in Europe and Australia, aiming to dupe customers of banks on those continents.

But Klein figures that the new malware will show up elsewhere soon. "This isn't an isolated case," he said, "so I expect it to come to other regions."

While the Android component is downloaded from one of several URLs that the desktop part of SpyEye shows victims, Klein said that a similar program has been seen on what he called "informal markets," the unofficial Android app stores that have proliferated in countries such as China.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.

See more articles by Gregg Keizer.

Read more about security in Computerworld's Security Topic Center.

Tags Trusteersecurity

Recommended

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?