New Threats on Android
- A study conducted by Trusteer focuses on a new Trojan horse (SpitMo) likely to hijack banking credentials from users of Android mobile devices.
- In March 2011, Google had to face issues raised by several malicious apps, including a previous version of this Trojan (SpyEye), and explained that only device-specific information could have been retrieved. Nevertheless, considering “the nature of the exploits, the attacker(s) could access other data” (from Android versions prior to 2.2.2, according to Google). The US giant removed the malware from the Android Market and remotely disinfected the affected mobile phones.
- Fraudsters now rely on social networks and send malicious links by SMS. Once installed, the Trojan could steal banking information and redirect transaction-related SMSs.
- When downloading this threat, the user believes he is filling in fields of the legitimate banking app.
- Several players are working on these issues: recent discoveries and renewed debates on the security of Android devices (see March, May and June 2011 Insights) confirm the significance of these efforts. Analysts also stress the users’ role in malware proliferation, pointing to their naivety and risky behaviour.
- Last July, a white paper by viaForensics focusing on trials of 32 financial apps (on Android and iPhone) revealed significant breaches; only 14 apps successfully passed the tests.
- As for the apps offered by non-banking players, PayPal, pageonce and Wikinvest are the only ones to succeed. The iPhone version of Square and the tested versions of Mint are particularly worrying, as they allow access to critical data (password for Mint on Android and lack of secure data storage for Square on iPhone).
See dedicated page on viaForensics's website
- These figures are all the more significant as a study also published this month by comScore indicates that 32.5 million US customers (13.9%) had already used their cell phone to access banking information by June 2011; 12.7 million use m-banking apps (a 45% increase compared to the end of 2010).