This Android app will steal your bank details and your contacts


by Jimmy Nicholls | 03 July 2014

And it looks like Google software.

A new Android app will have the power to steal your bank details, destroy your privacy and take control of your phone, according to security firm FireEye.

The malware is believed to be an early example of a bank hijacking framework, and appears as an icon named Google Services in order to deceive users.

FireEye threat researchers, Jinjian Zhai and Jimmy Su, said: "We suspect in the near future there will be a batch of bank hijacking malware once the framework is completed.

"Right now, eight Korean banks are recognized by the attacker, yet the hacker can quickly expand to new banks with just 30 minutes of work."

Once installed, the malware asks users for admin privileges, after which it uploads the user's phone number and contacts list to a server the hacker controls, and scans for banking apps.

Bank app antivirus is disabled before the banking software is replaced via the command and control (C&C) server, under the guise of a legitimate update.

"So far the part after the installation of the fake app is not finished yet. We believe the hacker is having some problems finishing the function temporarily," the researchers added.

"Given the unique nature of how this app works, including its ability to pull down multiple levels of personal information and impersonate banking apps, a more robust mobile banking threat could be on the horizon."
