The SpyEye Trojan has evolved yet again, as the latest version can intercept Short Message Service texts from compromised Android smartphones.
Dubbed "Spitmo," the new variant is currently being distributed from compromised Spanish banking Websites and targets Android devices.This is the first SpyEye variant for Android. Previous versions targeted mobile devices running Nokia's Symbian and Research in Motion's BlackBerry OS.
Users on the compromised Websites are prompted to download and install the malicious app onto their Android device via the mobile browser. After the app is installed, the victims call a telephone number to receive an "activation code,It's a cumbersome process to compromise the user, but once installed and activated, the app can then intercept all SMS texts sent to and from the device. The messages are forwarded to command-and-control servers operated by the malware gang.
Ironically, the user is told the app is supposed to protect text messages from being intercepted and is required before accessing the bank's online services from mobile devices.
SpyEye is a highly sophisticated malware family that can compromise user accounts and steal personal information
Dangerous hacks come in small packages. Or they will, perhaps, when an app called Anti, or Android Network Toolkit, hits the Android market next week. The program, which Israeli security firm Zimperium revealed at the Defcon hacker conference in Las Vegas Friday and plans to make available to Android users in coming days, is designed for penetration testing–in theory, searching out and demonstrating vulnerabilities in computer systems so that they can be patched. Anti aims to bring all the hacking tools available to penetration testers on PCs to smartphones, with an automated interface intended to make sniffing local networks and owning remote servers as simple as pushing a few buttons. “We wanted to create a penetration testing tool for the masses, says Itzhak “Zuk” Avraham, founder of Tel-Aviv-based Zimperium. “It’s about being able to do what advanced hackers do with a really good implementation. In your pocket.”