A security researcher found SMS-grabbing malware resembling a legitimate Android security application. The malware is believed to be just a test run.
The Android malware wants people to think that it is Mobile Security 9, a legitimate mobile antivirus program created by Kaspersky Lab. It uses the same application icon as Kaspersky Lab, but once it is installed on the Android device, the user finds that it has no function except to grab SMS messages.
Vanja Svajcer, a principal virus researcher at SophosLabs, says that once the malware is launched, it immediately tries to grab the unique device ID number and convert it into an activation code. The false activation code is then displayed in a standard Android view. In the background, the application attempts to install a receiver that intercepts SMS messages and sends them to a web server created by the hacker.
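The behaviour described above (device ID read, SMS receiver, upload to a web server) leaves a recognisable footprint in an app's manifest. The following triage check is an added example, not code from the article or from either vendor; it assumes the manifest has already been decoded to text XML, and both sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
WATCHED = {  # permissions matching the behaviour described above
    "android.permission.READ_PHONE_STATE": "can read the unique device ID",
    "android.permission.RECEIVE_SMS": "can receive incoming SMS",
    "android.permission.INTERNET": "can send data to a remote server",
}

def triage_manifest(manifest_xml):
    """Return (findings, suspicious) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = [f"permission {p}: {why}" for p, why in WATCHED.items() if p in perms]
    has_sms_receiver = False
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            if any(a.get(A + "name") == SMS_ACTION for a in flt.iter("action")):
                has_sms_receiver = True
                name, prio = rcv.get(A + "name"), flt.get(A + "priority", "0")
                findings.append(f"receiver {name}: handles SMS_RECEIVED, priority {prio}")
    # Flag only the full chain: an SMS receiver plus the means to read and upload messages.
    needed = {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"}
    return findings, has_sms_receiver and needed <= perms

# Constructed sample manifests (not taken from any real application).
SAMPLE_FAKE_AV = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakesecurity">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("fake AV", SAMPLE_FAKE_AV), ("benign", SAMPLE_BENIGN)):
        findings, suspicious = triage_manifest(xml)
        print(label, "SUSPICIOUS" if suspicious else "ok", *findings, sep="\n  ")
```

Legitimate messaging and security apps can request the same combination, so a hit is a reason to review the app, not a verdict.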
The new malware closely resembles Zitmo, which was released in mid-June this year. Although the functionality is similar, it does not appear to have been created by the same group or individual.
Denis Maslennikov, a security researcher at Kaspersky Lab, said that Zitmo tries to disguise itself by hiding in an application called TrustMobile, which was previously available for download on the Android Market. Back then, it was one of a kind, since it was malware available via the Android Market. The malware has since been removed from the market, but the stolen data is already stored on the hacker's server.
Zitmo is short for Zeus-in-the-mobile, a reference to the mobile malware's tie-in to the Zeus crimeware kit and related botnets. It serves criminals whose goal is to attack people's personal and financial details. Zitmo targets platforms such as Symbian, Windows Mobile, BlackBerry, and Android.
Maslennikov added that, like the bogus Kaspersky application, Zitmo also works like a genuine mobile security application. Since private IT security firms are able to detect the attackers' intention to use the Android Market to distribute their malware, the attackers now try to sneak it onto people's smartphones through associated malware. The malware activates itself only when the user transacts on bank websites. It is disguised as a security message from Trusteer, asking the user to download an application to protect the phone while transacting online. Once the user selects Android as the platform they own, they are redirected to an untrusted website that asks them to download the malicious Android application.