Tuesday, January 12, 2010

Android App Used In Phishing Attack Steals Bank Login Details

It was recently discovered that an application found in Google's Android Market was infected with a trojan designed to steal users' bank login details. The program uploaded by Droid09 has already been removed from the Android Market following some quick action and publicity following a warning issued by US credit union First Tech from the 22nd of December, 2009.

According to First Tech's advisory, the application originated from the Android Market and didn't  specifically target First Tech customers. Apparently the application targeted several banks however First Tech was the only one seeming reporting the incident. The bank insured their customers that no First Tech customer suffered any financial damage, nor would they should they fall victum to the malicious app.

The application reportedly pretended to simplify the customer's mobile access to accounts at various different banks. Commenting on the issue Google spokesperson said "The Android Market Content Policy clearly states that we don't allow applications on Android Market to identify themselves with third-party marks without permission. If an application violates the content policy, we will remove it from Android Market, and developer accounts will be terminated for repeated violations."

The developer has been banned, but It's not clear how many people downloaded the fraudulent app before it was pulled by Google. Users who downloaded the app, or think they may have, should be sure to visit the "My Downloads" section of their Android phone to remove the application. 

While this may be one of the first know Android based malware attacks it certainly isn't the first to hit cellphones. Early last year we reported that Kaspersky Labs had discovered a new piece of malware that targets Symbian based cell phones provided by an Indonesian mobile phone operator. The virus know as Trojan-SMS.Python.Flocker, sends SMS messages with instructions to transfer part of the money in the user’s account to another account, which belongs to the cybercriminals.

This news should be a reminder that users should be extremely careful when downloading applications to any device! And be sure to take notice where and how your information is being used.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you