Beware this fake Kaspersky mobile security app

by Jimmy Nicholls | 04 August 2014

Rivals McAfee uncover Polish Android malware campaign.

Android malware that poses as a Kaspersky security app has been found in Poland, according to security firm McAfee.

A message purporting to be from a bank tells users that their phone has been infected with malware and attaches an application that is said to detect it but is really the remote access tool SandroRat.

Carlos Castillo, mobile malware researcher at McAfee, said: "Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tool like SandroRat.

"This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks."

Released at the end of last year, SandroRat allows hackers to control several Android phones from their computer, and includes file, text message and call managers, as well as a GPS locator.

According to Castillo, the malware can also access encrypted WhatsApp logs and the unique key from a Gmail account necessary to render the files into plain text.

He added: "This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger [by] using a unique server salt."
