More malware targeting Google's Android mobile operating system has been discovered – this one aimed at mobile banking and money transfers.
The malware, called Stels, was identified by Dell SecureWorks' Counter Threat Unit (CTU). It is distributed via the Cutwail botnet, which also distributes the infamous Zeus banking Trojan. Users receive an email that claims to be from the US Internal Revenue Service (IRS), which tempts users into clicking on a link.
The link takes users to the Blackhole exploit kit, which attacks the Windows operating system. However the Blackhole exploit kit does not work on Android, so users on that operating system are tricked into downloading a fake Adobe Flash Player update.
Once the fake app is launched on the Android device a message is displayed claiming the phone does not support the update and that set-up has been cancelled. The icon is then deleted, tricking the user into thinking the app has been uninstalled.
The Stels Trojan is capable of downloading and executing files, stealing the contact list, reporting on information such as the phone number, operating system and IMEI, making phone calls and sending, monitoring and recording SMS messages.
Dell SecureWorks believes that the ability to intercept SMS messages means it could be used in conjunction with traditional banking Trojans such as “Zeus to bypass two-factor authentication systems that rely on mobile TAN numbers (sent via SMS) to complete fraudulent Automated Clearing House (ACH) and wire transfers from victim accounts.”
It can also make money for its creators by sending SMS messages and making phone calls to premium rate numbers.
Dell SecureWorks researchers said they ran the malware through 10 major mobile anti-virus programs available for Android but none managed to pick it up. None of the 44 anti-virus products tested through VirusTotal picked it up, either.
The researchers warned that mobile threats such as this will continue to increase. “As mobile devices increase in popularity, they become a lucrative target for cyber criminals. The Google Android platform is a common target due to its large market share and ability to run applications outside of the Google Play app store without jailbreaking the device.”
“The CTU research team anticipates attacks against Android devices will continue and advises customers to remain vigilant,” the group said.
Earlier this week it was revealed that Android malware targeting prominent members of the Tibetan community had been discovered. It is strongly believed that China was behind the malware attacks even though Citizen Lab, who made the discovery, did not name the country directly. That news came on the back of a similar discovery by Kaspersky Lab, although it is thought the two are not technically related.