GMA Brandtalk
Tracking
Archives
SpyEye malware toolkit hits Android devices
The SpyEye malicious toolkit, which has made botnets out of computers running Microsoft’s Windows operating system, now threatens devices running Google’s Android as well. Computer security firm Sophos said SpyEye, designed to steal banking credentials and confidential data, appeared to make the Android version some months after “competitor" Zeus did so. “When the user of a PC infected by the Windows version of SpyEye visits a targeted banking website, and when the site is using mobile transaction authorization numbers, the SpyEye Trojan may inject HTML content which will instruct the user to download and install the Android program to be used for transaction authorization," Sophos said in a blog post. SpyEye will not include an icon which would be displayed in the “All apps" menu- a user will only find the package when “Manage Applications" is launched from the mobile device’s settings. Also, the application uses the display name “System" so that it seems like a standard Android system application. The SpyEye for Android will be detected by Sophos products as Andr/Spitmo-A. “It also seems that support for Android is increasingly becoming an important part of their product strategy," Sophos said. Avoiding detection Sophos said the malware will use different tactics to reinforce user’s opinion that it is a legitimate application. It applies for the following permissions Android permission:
