icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
7 Aug, 2014 13:01

Smartphone hack: Malware able to steal anything infects 500,000+ devices

Smartphone hack: Malware able to steal anything infects 500,000+ devices

Banks should look for new – secure – ways of exchanging information with their clients after the emergence of malicious software which allows criminals to steal passwords and text message security codes from people’s phones, security firm Group-IB warned.

More than 541,000 smartphones running on Android in Russia, Europe and the US are already infected with malware which grants the perpetrators full access to people’s mobile devices, a report by the Moscow-based company said.

The hostile program is distributed through “massive spam on the SMS-messages,” Nikita Kislitsin, head of botnet intelligence at Group-IB, told RT.

“People would receive different messages saying something like: ‘Hey, this is my fresh set of photos. Please download it.’ And it turns out that just that it’s a piece of malware,” he said.

“The criminals come up with new…social engineering techniques to trick people… They try to imitate well-known companies; they try to mimic to software updates to well-known software applications or plugins.”

A pirate website mimicking Google Play Store. (Image from group-ib.ru)

According to the tech specialist, the cyber thieves are looking for people’s money as “It’s no secret that all the banks in Russia – like 90 percent of them – they’re using SMS-messages to deliver secret codes in order to confirm money payments.”

When the malware is installed, the criminals “get access to pretty much everything you have on your phone” – text-messages, calls, photos, contact list and so on, Kislitsin said.

“They’ll look in your messages for SMS from your bank to find out how rich you are. Mostly, you can find the information about your balance on your banking account and based on this information they can conclude how interesting you are,”
he added.

The malware gives “the ability to send any arbitrary SMS from your phone to any number in the world and perform phone calls from your phone to any number in the world.”

Group-IB released a screenshot, showing a program, which the criminals use to organize the information they steal.

A drop-down menu next to each of the victims’ phone numbers provide full information on the device and gives such options like “grab SMS, perform phone calls, steal contact list, get images,” Kislitsin explained.

Interface for the program used by the criminals to organize stolen phone data. (Image from group-ib.ru_

Another problem is that it’s almost impossible to track the rough program when it’s already installed on the phone.

“Mostly, people notify that they’re hacked when they’re losing money… General people wouldn’t notice this malware for years because it doesn’t give a sign – any sign – that its’ installed,”
he said.

Talking about protection from the possible attack, Kislitsin has urged the smartphone users not to be “naïve.”

“In 95 percent of the cases, people do install malware by themselves. It’s not a super Zero Day, which allows to execute any arbitrary code without any sign. Next advice is to use anti-viral software. But it’s not a guarantee at all,” he said.

“You’re also 100 percent secure with your old phone [from five-10 years ago]”
as the malware is too complicated for them, the tech specialist added.

Kislitsin believes that to really solve the problems the banks should completely rethink the way they exchange sensitive data with their clients.

This branch of cybercriminal activity started around a decade ago when the banks started using text messages as a secure way to confirm payments, but now we need a news system, “something better,” he said.