Includes the capability to intercept and send messages

Jul 18, 2014 15:37 GMT

A fresh piece of malware targeting Android users has been identified, which, once launched, leaves the user no choice but to grant it administrator privileges.

Identified as Android.BankBot.21.origin by Doctor Web security company, the fresh strain is designed to steal credit card details when purchasing items from Google Play Store. It also comes with the ability to intercept and send short text messages.

The researchers found that the malicious app is distributed disguised as Adobe Flash Player, which makes plenty of unsuspecting users susceptible to becoming its victims.

The interesting part reported by Doctor Web is the fact that the rogue app is very aggressive in its attempt to gain elevated privileges on the system.

Once launched, the app displays the prompt for administrator privileges every 0.1 seconds, which means that the user has no other choice but to comply. Holding these privileges gives the malware a certain degree of resistance to attempts to remove it from the device.

“In order to get hold of credit card information, Android.BankBot.21.origin checks the availability of an active Google Play application window. If one is present, the malware displays a standard credit card information form used to associate a credit card with an account,” says Doctor Web in a blog post.

The malware establishes a connection with a remote machine and sends the card details to the cybercriminals; these include the card number, expiration date, CVC code, address and the phone number of the victim.

Additional details, like the phone model, IMEI code, version of the operating system, list of installed apps, and all the short text messages, are also delivered to the command and control server.

According to the analysis carried out by Doctor Web, the attackers can send a set of commands to the infected device. The command channel does not necessarily have to be direct, as the instructions can also be delivered via SMS.

Given the ability to send messages, cybercrooks can use the device under their control to send premium-rate texts, ensuring a larger profit.

The security company says that it found evidence that the malware could be used to debit bank accounts.

One way to protect Android devices against malware is to avoid downloading apps from markets that are not properly verified. It is also a good idea to refrain from installing software that promises something too good to be true.
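A static triage check for the combination of traits described in this article (device-administrator request, SMS permissions, Adobe Flash Player disguise), added here as an illustration and not taken from Doctor Web or the original article. It assumes a decoded AndroidManifest.xml with a literal app label; the sample manifest, the `triage` function and the brand-to-package mapping are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
             "android.permission.READ_SMS"}
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
# Label fragment -> package prefix expected for the genuine app (assumption).
KNOWN_BRANDS = {"flash player": "com.adobe."}

# Constructed sample manifest; not extracted from the real malware.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.update">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Adobe Flash Player">
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return a list of findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    findings = []
    # SMS interception/sending needs these permissions declared up front.
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    sms = sorted(perms & SMS_PERMS)
    if sms:
        findings.append("sms:" + ",".join(p.rsplit(".", 1)[1] for p in sms))
    # A device-admin receiver is what backs the administrator prompt.
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        if rcv.get(ANDROID + "permission") == ADMIN_PERM and ADMIN_ACTION in actions:
            findings.append("device_admin:" + rcv.get(ANDROID + "name", "?"))
    # A well-known brand in the label under an unrelated package suggests a disguise.
    app = root.find("application")
    label = (app.get(ANDROID + "label", "") if app is not None else "").lower()
    for brand, prefix in KNOWN_BRANDS.items():
        if brand in label and not root.get("package", "").startswith(prefix):
            findings.append("brand_mismatch:" + brand)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any single finding is common in legitimate apps; it is the three together that warrant a closer look before installation.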