SMS stealing apps uploaded to Google Play by Carberp banking malware gang

The apps were designed to steal mobile transaction authentication numbers from Russian online banking users, Kaspersky Lab says

By Lucian Constantin, IDG News Service |  Security

The new Carberp-in-the-Mobile (CitMo) apps found on Google Play masqueraded as mobile applications from Sberbank and Alfa-Bank, two of Russia's largest banks, and VKontakte, the most popular online social networking service in Russia, Maslennikov said. Kaspersky contacted Google on Wednesday and all CitMo variants were deleted from the market by Thursday, he said.

However, the fact that cybercriminals managed to upload these apps to Google Play in the first place raises questions about the effectiveness of the app market's anti-malware defenses, such as the Bouncer anti-malware scanner announced by Google earlier this year.

"It seems that it's not that hard to bypass Google Play's defenses because malware continues to appear there regularly," Maslennikov said via email.

Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, believes that it might be hard for Google's Bouncer to detect ZitMo, SpitMo or CitMo components because they are functionally similar to some legitimate applications.

"The mobile version of the Trojan is only responsible for hijacking the received SMS and forwarding its contents to a different recipient, and this behavior is also found in legitimate applications, such as SMS management apps or even applications that allow the user to remotely control their devices via SMS in the event they get stolen or lost," he said via email. "SMS interception is a feature that is well documented on forums, along with sample code. If the same sample code is used both in malicious and legit applications, it would be even harder to detect and block."

The ability to use Google Play to distribute SMS stealing apps offers advantages to cybercriminals, Botezatu said. First of all, some user devices are configured to only install apps obtained from Google Play. Also, users are generally less suspicious of apps downloaded via Google Play and pay less attention to their permissions because they expect the applications to be what their descriptions claim they are, he said.
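As an added defender-side example (not code from the article, Kaspersky or Bitdefender), the triage heuristic below reads an AndroidManifest.xml and flags the profile Botezatu describes: a receiver for incoming SMS combined with a permission that lets the app forward them off-device. The two manifests are constructed for the demo; because legitimate SMS managers and anti-theft apps declare the same combination, the rule queues an app for analyst review rather than deciding it is malicious.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
READ_SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
EXFIL_PERMS = {"android.permission.SEND_SMS", "android.permission.INTERNET"}

def sms_profile(manifest_xml: str) -> dict:
    """Collect the SMS-interception indicators an AndroidManifest.xml declares."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    receivers = []  # (receiver class, intent-filter priority) for SMS_RECEIVED listeners
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED in actions:
                prio = int(flt.get(ANDROID_NS + "priority", "0"))
                receivers.append((receiver.get(ANDROID_NS + "name"), prio))
    return {
        "reads_sms": bool(perms & READ_SMS_PERMS),
        "can_forward": bool(perms & EXFIL_PERMS),
        "sms_receivers": receivers,
        "max_priority": max((p for _, p in receivers), default=0),
    }

def needs_review(manifest_xml: str) -> bool:
    """Triage rule: listens for incoming SMS AND can push them off-device.
    Legitimate SMS apps match too, so this queues for an analyst, not a verdict."""
    p = sms_profile(manifest_xml)
    return p["reads_sms"] and p["can_forward"] and bool(p["sms_receivers"])

# Constructed manifests for the demo; they do not describe any real app.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fakebank">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <receiver android:name=".SmsCatcher">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    print("suspect:", needs_review(SUSPECT_MANIFEST), "benign:", needs_review(BENIGN_MANIFEST))
```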
