New SpyEye Variant Targeting Android Devices

Thursday, September 15, 2011



Researchers from security provider Trusteer have identified a new SpyEye variant in the wild which specifically targets Android devices.

The new variant is designed to harvest text messages containing the one-time codes that institutions send to customers as an added security measure for mobile banking transactions, making SpyEye an even more powerful tool for stealing financial login credentials.

The passcode is intercepted by an illegitimate Android application installed by the SpyEye toolkit and transmitted to the attackers, giving them the opportunity to hijack a mobile banking session and conduct fraudulent transactions.

"The standard SpyEye now also entices a user to download an Android app, which is actually a component that's Android-specific malware... The desktop portion of SpyEye captures the username and password. But to conduct online fraud against many banks today, a bit more is needed by the cyber criminals. [The text message-intercepting] piece was what SpyEye was missing," said Amit Klein, CTO for Trusteer.

Word of the new variant follows last month's announcement that the source code for the SpyEye Trojan had been released into the wild.

The SpyEye code, previously available only to attackers on the black market for a hefty price in the vicinity of $10,000, was leaked by a French researcher who goes by the handle Xyliton and is a member of the Reverse Engineers Dream (RED) outfit.

SpyEye is known to be one of the more powerful data-sniffing Trojans ever developed, and the release of the source code makes a dramatic increase in its use a very real possibility.

In an article on the McAfee Labs blog last fall, Senior Threat Researcher Francois Paget warned of the blending of the Zeus and SpyEye tools, and the first toolkit combining the exploits arrived on the black market early this year.

The combination of events leads researchers to believe that the number of threats aimed at online banking systems is on the uptick.

"Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program - old or new. The malware distribution channel for fraudsters has increased in scale significantly," Klein said.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.