A piece of Android malware has been uncovered that comes disguised as the Google Play app but uses a smart download technique to hide its activities.
The malware’s true purpose is to steal banking logins, hoover up text messages and intercept software certificates designed to prove the validity of communications, according to FireEye, which found the software.
FireEye found email evidence suggesting victims’ bank account passwords had been intercepted by the malware and sent to the hacker’s email accounts. It has worked with Google’s Gmail team to take those email accounts down.
It was able to do so because on first inspection it appears to have very little functionality, uninstalling itself when the user attempts to open it, telling the victim the app isn’t working, and leaving no visible traces.
Yet a closer look revealed the app contained malicious functionality encrypted and embedded in a folder which is unlocked remotely by the attacker using a DNS server with the Gmail SSL protocol. It was made difficult to delete as the uninstall option was disabled by the malware.
The app on download appeared to be just 711 lines of code, but once it decrypted its more malicious files, it expanded to 2.2MB.
“The little amount of code in the superficial app is one of the evasion techniques used by the hackers to mask the malicious classes that swell the app’s size,” FireEye said in a blog post.
Users should be able to pick up on the Android malware by looking at the permissions before installation, as it asks for full administrator access, which grants a lot of control to the app.
Malware continues to evolve to target people’s bank accounts. One recent variant, Dyreza or Dyre, was seen hoovering up people’s logins for Citigroup, Bank of America, Royal Bank of Scotland and its subsidiaries NatWest and Ulster Bank.
How well do you know network security? Try our quiz and find out!
CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…