Another dangerous Android Trojan has been found, using the disguise of a legitimate security app and sending stolen information to a UK-based mobile number.
The malicious Android application package file, named “Certificate.apk”, comes disguised as a security download. One variant of the malware appeared on Android devices as a “Mobile Security” app.
On analysis of the Trojan, a piece of code contained a link to the Twitter handle of a “young Russian whose Google+ page lists employment as ‘Android developer’,” security firm F-Secure noted.
That could indicate the malware was written in Russia, before being sold to UK criminals. It would also suggest a global operation, according to Sean Sullivan, security adviser at F-Secure, who told TechWeekEurope a banking Trojan crew was most likely behind the operation.
He also noted how the Perkele Android Trojan, which was selling on the underground for as much as $15,000, sent stolen data to some UK numbers.
TechWeek understands the Russian involved is employed by a legitimate app developer in Russia, but is believed to be doing illegitimate Android applications on the side.
The aim of the Pincer Android Trojan appears to be to intercept banking codes to bypass two-factor authentication.
“Previous malicious mobile applications pretending to be certificates have been mobile components of banking trojans aimed at defeating two-factor authentication. The fact Pincer is able to forward SMS messages means it can certainly also be used as such,” read a blog post from F-Secure.
“The IMEI of the phone is used as an identifier by the C&C server. Other information sent there includes phone number, device serial number, phone model, carrier and OS version.
“Of note: Pincer checks to see if it’s being run in an emulator by checking the IMEI, phone number, operator, and phone model – a common ‘anti-analysis’ technique used by Windows malware.”
Last week saw a significant milestone in the development of Android attack tactics, as the Cutwail botnet was used to send spam containing links to sites serving malware for the Google operating system.
What do you know about Internet security? Find out with our quiz!
Workforce blow. Newly privatised Toshiba has embarked on a 'revitalisation plan' that will entail the…
European Commission opens an official child safety investigation into Facebook and Instagram-owner Meta Platforms
Hundreds of AI and cloud engineers are being offered relocation out of China by Microsoft,…
Workers at unionised Apple store in Maryland vote to authorise first ever strike, after delays…
Elon Musk loses bid to avoid court order to force him to testify in SEC…
Explore how cutting-edge technologies are reshaping decision-making, driving innovation, and propelling businesses into the data-driven…