If you’re an Android user, you should be extra careful since another dangerous malware, a banking Trojan, is currently targeting the operating system. McAfee researchers have called the threat SpyLocker.
SpyLocker displays phishing pop-up windows with credential prompts aimed at customers of European Union banks and at users of several popular Android apps and services, such as Google accounts, eBay or Instagram.
A Look into SpyLocker's Malicious Operation
This is not the first time SpyLocker has attacked Android devices. Its initial campaign relied on distribution via adult content pages and a compromised Flash Player app. The first victims of the malware were customers of banks in Turkey, New Zealand, and Australia.
The current malicious campaign is also distributed via a compromised Flash app or a fake Android system update. However, cyber criminals are now employing compromised WordPress and Joomla websites.
Researchers have made another interesting discovery: the malware is somewhat similar to Police Locker, which was detected in 2014.
According to the researchers, victims of the current SpyLocker campaign are located in France, Poland, and the UK, and are customers of banks in the same countries. Modules for Russian banks have also been discovered in the malware. However, they were not activated.
SpyLocker's Malicious Activities
Once installed, SpyLocker harvests whatever data it needs and sends it to a command & control server. The malware can:
- Obtain administrator privileges;
- Intercept incoming SMS messages;
- Access the victim’s call history;
- Check the installed apps.
Overall, SpyLocker seems to be equipped with all the tools that a typical modern Android banker has. One way to prevent infections with malware of this type is to never grant admin rights to applications, especially those downloaded from unsecured websites.
In short, remember to:
- Research your applications before installing them;
- Carefully read the privacy policy, terms of service and list of permissions in Google Play Store;
- Check whether the permissions the app asks for are justified by the app's functionality.
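The last check can be partly automated. The following is an added example, not code from McAfee or from the article: it reads an app manifest that has already been decoded to text XML (for instance with apktool) and reports which of the capabilities listed above the app requests without a matching purpose. The mapping from capability to Android permission names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities listed in the article to Android
# permission names; the article does not say which ones SpyLocker requests.
CAPABILITIES = {
    "device administrator": {"android.permission.BIND_DEVICE_ADMIN"},
    "sms interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "call history": {"android.permission.READ_CALL_LOG"},
    "installed-app check": {"android.permission.QUERY_ALL_PACKAGES",
                            "android.permission.GET_TASKS"},
}

def requested_capabilities(manifest_xml):
    """Return the sensitive capabilities a decoded manifest asks for."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Device admin is declared on a <receiver>, not via <uses-permission>.
    perms |= {r.get(ANDROID + "permission") for r in root.iter("receiver")}
    return sorted(c for c, names in CAPABILITIES.items() if perms & names)

def unjustified(manifest_xml, expected=()):
    """Capabilities requested that the app's stated purpose does not cover."""
    return [c for c in requested_capabilities(manifest_xml) if c not in expected]

# Constructed sample: a "Flash Player" that has no reason to touch SMS,
# call logs or device administration.
FAKE_PLAYER = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>
"""

# Constructed sample: a messaging app, where SMS access is expected.
SMS_APP = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.messages">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>
"""
```

Calling unjustified(FAKE_PLAYER) flags three capabilities, while unjustified(SMS_APP, expected=("sms interception",)) returns an empty list because SMS access matches what a messaging app does.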
Android and Antivirus Protection
Android users, take note. Of all mobile operating systems, Android seems to be in the biggest need of AV protection. Various research and statistics point out that Android is indeed the most targeted mobile OS, with more than 95% of mobile malware preferring it over other operating systems, Trojans such as SpyLocker included.
It's no secret that Android app stores are full of suspicious third-party products that aren't screened properly. So it's quite possible that the next time you download a random (malicious) application, you end up with Android-specific malware like the one described in this article.
And don't forget that Adobe ended the development of Android Flash in 2012. Any prompt to install Flash on your Android device should immediately alert you to malicious behavior.