Spyeye Attacks The Android
- Author Cee Simpson
- Published March 2, 2012
- Word count 520
SpyEye is a widespread malicious toolkit for creating and managing botnets. It is designed primarily for stealing banking credentials and other confidential information from infected systems.
SpyEye is a major competitor of the infamous Zeus toolkit. Emanating from Russia, it started to appear for sale on Russian underground forums. Retailing at $500, it is has taken a chunk of the Zeus crimeware toolkit market. Symantec detects this threat as Trojan.Spyeye.The Zeus (also known as ZBot) crimeware toolkit has grown to be the most established crimeware toolkit in the underground economy. It generated a lot of interest in the mobile security community a couple of months ago when an Android version was discovered.
It was not long before a version of SpyEye targeting Android was also developed, and sure enough a malicious SpyEye Android app was discovered a recently.
The functionality of Zeus and SpyEye on Windows is quite similar, and new revisions (of both), with additional features, are being released on a regular basis.
Zeus for Android purports to be a version of Trusteer Rapport security software. This social engineering trick is used in an attempt to convince the user that the application they are installing is legitimate.
Ads by Google
SpyEye for Android, now detected by Sophos products as Andr/Spitmo-A, uses a slightly different but similar social engineering technique.
When the user of a PC infected by the Windows version of SpyEye visits a targeted banking website, and when the site is using mobile transaction authorization numbers, the SpyEye Trojan may inject HTML content which will instruct the user to download and install the Android program to be used for transaction authorization.
The SpyEye application package does not show up as an icon in the "All apps" menu, so the user will only be able to find the package when the "Manage Applications" is launched from the mobile device's settings.
The application uses the display name "System" so that it seems like a standard Android system application.When installed, Zeus for Android displayed a fake activation screen, and Spitmo is again very similar.
However, Spitmo uses different tactics to convince the user that it is a legitimate application.
It applies for the following Android permissions:android.provider.Telephony.SMS_RECEIVED
android.intent.action.NEW_OUTGOING_CALL
This allows the malware to intercept outgoing phone calls.
When a number is dialed, the call is intercepted before the connection is made and the dialed phone number is matched to a special number specified by the attacker in the alleged helper application installation instructions.
If the number matches, Spitmo displays a fake activation number, which is always 251340.Once installed, the functionality of Zeus and SpyEye are pretty much the same.
A broadcast receiver intercepts all received SMS text messages and sends them to a command and control server using an HTTP POST request. The submitted information includes the sender's number and the full content of the message.
The developers of major malicious toolkits are closely watching their competition and matching the latest features. Users need to keep antimalware definitions up to date to minimize the effect of these evolving threats.
Cee Simpson is a Security Systems Analyst with EZMobilePC.com.
Article source: https://articlebiz.comRate article
Article comments
There are no posted comments.
Related articles
- Automatic Driving Lessons in Glasgow: Your Top FAQs Answered by Autogear Experts
- FAQ Guide: Everything Caledon Homeowners Should Know About Choosing Lighting from Fehmi Lights
- The Evolution of Compact Cinema Cameras: From Studio Rigs to Agile Setups
- Smooth Confidence: The Ultimate Guide to Effective Hair Removal.
- The Natural Path to Stronger Hair, Glowing Skin, and Healthier Nails.
- Smooth Skin Ahead: How to Remove Skin Tags Safely and Naturally.
- Smooth Skin Ahead: Natural Paths to Reducing the Appearance of Scars.
- The Art of Carved Doors: From Rustic Charm to Modern Elegance
- The Pediroller: A Simple Tool with a Profound Impact on Foot Health
- Fading Scars Naturally: How to Restore Smoother, Even-Toned Skin.
- Say Goodbye to Skin Tags Naturally: A Complete Guide to Gentle Removal.
- Refresh Your Home with the Carefree Spirit of Boho Decor
- The Charm of Modern Farmhouse Décor
- Luxury That Lasts: Why Happy Feet Flooring Is a Smart Investment
- The Real Reason Bamboo Pajamas Cost More—And Why GYS Makes Them Worth Every Penny
- Mastering Camera Support: How Precision Fluid Heads Transform Cinematic Movement
- Color Reproduction and Skin Tones — The Real Challenge for Modern Cinema Lenses
- The Use of Electric Callus Removers: A Modern Approach to Foot Care
- Clearer Skin Naturally: The Complete Guide to Safe and Effective Skin Tag Removal.
- Fading Scars Naturally: How to Restore Smoother, Even-Toned Skin.
- Varicose Veins Demystified: From Early Warning Signs to Proven Relief.
- Clearer Days Ahead: How to Effectively Treat and Manage Rosacea Symptoms.
- The Death of Expertise: Navigating the Political Landscape
- Hospitality Meets Worship: Church Carpet That Welcomes
- Using Toe Straighteners to Help Foot Problems
- Emerging technologies shaping the future of digital
- Do Magnetic Eyelashes Actually Work?
- Why Bamboo Pajamas Are Worth It: Comfort, Health, and Sustainability with GYS
- Use of podiatry felt to treat foot problems
- Soothe the Red: Proven Treatments and Everyday Solutions for Rosacea Relief.