Security experts are warning that Android users should brace for a potential spike in hacking attacks after the source code and step-by-step instructions for a piece of malware designed to steal banking credentials were leaked online via an underground forum. Alex Mathews, lead security evangelist at Positive Technologies, commented below.
Alex Mathews, Lead Security Evangelist at Positive Technologies:
“This Trojan uses a very common technique to attack any mobile banking app. If an app was granted device admin permission, it has privileged access to the device. On the other hand, device admin permission allows malware to protect itself from being removed. After it is safely installed, the malware uses simple phishing to collect the user’s credentials and perform dangerous actions on his behalf.
“If an attacker gets this Trojan’s source code, he can target different applications by replacing the phishing activities with those he needs. It’s not a problem to extract a login screen from a legit application available on the market, then copy it and embed it into a malware APK file. That’s why the number of similar malware species is expected to increase and this Trojan can appear in other countries too.
“To protect yourself from this kind of Trojan you shouldn’t visit suspicious links or install applications from untrusted sources such as third-party markets and applications from websites.
“You can also check out Settings -> Security -> Device Administrators and disable the privileged access for applications you don’t trust.
“Two-factor authentication that involves standalone hardware token generators can mitigate the risk of such attacks. Otherwise, malware can read one-time passwords from SMS or get an OTP from a token-generating app on the same device.”