by Al Sacco

Android Threat of the Week: ‘Smart’ Malware Targets Banking Credentials

Mar 15, 2012 (3 mins)
Malware, Mobile, Mobile Security

A new form of "smart" Android malware can not only steal your online banking information, but update itself in the future and secretly send contact information stored on your device off to the Bad Guys.

This week’s Android security threat is a doozy.

We’ve all heard about Android malware that steals data stored on users’ devices or accesses system resources. But one recently identified type of “smart” malware that’s meant to steal online banking credentials takes the theft process a step further by enabling persistent communication with external servers, so the malware could, for example, update itself with new commands or add new server addresses for future communication, according to online security company McAfee.


This new malware currently targets a number of widely used European banks, and it comes in the form of a “token generator” app, which supposedly provides users with a security token that can be used to initiate an online banking session. And the app mostly looks official since it uses the banks’ logos and colors.

From a McAfee blog post on the subject, penned by Malware Researcher Carlos Castillo:

“To get the fake token, the user must enter the first factor of authentication (used to obtain initial access to the banking account). If this action is not performed, the application shows an error. When the user clicks “Generar” (Generate), the malware shows the fake token (which is in fact a random number) and sends the password to a specific cell phone number along with the device identifiers (IMEI and IMSI). The same information is also sent to one of the control servers along with further data such as the phone number of the device.”

The app also includes a number of nasty lines of code that could be used to obtain users’ contact lists and then send them off to a control server.

“From man-in-the-middle attacks we now see more sophisticated, remote-controlled banking Trojans that can get more than one factor of authentication and update itself to, for example, modify a phishing attack to get other required credentials–such as the name or the ID number of the user–to perform electronic fraud,” writes Castillo. “Due to the increasing popularity of Android and mobile-banking applications, we expect that more threats like this will appear.”


I’d say that’s a certainty. And it’s honestly a bit frightening to see just how quickly modern mobile malware is evolving.

This discovery also comes on the heels of another security threat that affects the WebKit browser component of Android devices, iPhones and BlackBerrys.

Check out my previous Android Security Hole of the Week post here. Or read “Android Security: Six Tips to Protect Your Google Phone” to help avoid trouble.