A new piece of dangerous malware has apparently been discovered, RT.com reports, and it’s running on more than half a million Android devices in the U.S., Europe and Russia. The malicious program, which was discovered by Russian security firm Group-IB, gives attackers complete control of those devices once it’s installed.
To fool unsuspecting users into installing the malware, hackers apparently use SMS and social networking-like campaigns.
“People would receive different messages saying something like: ‘Hey, this is my fresh set of photos. Please download it.’ And it turns out that just that it’s a piece of malware,” Group-IB head of botnet intelligence Nikita Kislitsin said. “The criminals come up with new…social engineering techniques to trick people… They try to imitate well-known companies; they try to mimic to software updates to well-known software applications or plugins.”
According to images provided by the publication, hackers have even mimicked pages from the Google Play Store in order to convince users to install malicious apps.
Apparently the hackers are hunting for SMS messages that deliver banking information, especially in Russia. Depending on what they learn about a target, the hackers then take further action.
“It’s no secret that all the banks in Russia – like 90 percent of them – they’re using SMS-messages to deliver secret codes in order to confirm money payments,” the exec said. “They’ll look in your messages for SMS from your bank to find out how rich you are. Mostly, you can find the information about your balance on your banking account and based on this information they can conclude how interesting you are.”
In addition to stealing financial information, the malware can also grab other information from an infected device, including contacts and pictures, and can initiate phone calls and send SMS messages.
Most importantly, the program can’t be tracked once it’s installed on the device, the firm said, although it did not reveal how it’s able to track it and how it knows that more than 541,000 devices have been infected.
“Mostly, people notify that they’re hacked when they’re losing money… General people wouldn’t notice this malware for years because it doesn’t give a sign – any sign – that it’s installed,” Kislitsin said.
“In 95 percent of the cases, people do install malware by themselves. It’s not a super Zero Day, which allows to execute any arbitrary code without any sign. Next advice is to use anti-viral software. But it’s not a guarantee at all,” he said.
Images showing a fake Google Play Store web page and an interface of a program used to manage Android devices infected with the unnamed program follow below.