Modern field guide to security and privacy

Sophisticated banking malware targets Android users

Researchers have discovered malicious software targeting online banking customers that use Android smartphones and tablets, the latest indication of a surge in attacks against the platform. 

Jeff Chiu/AP
Android 6.0 doesn't add as many features as its predecessor, but includes some important security and power tweaks. Here, Google exec Sherice Torres shows the Android Pay icon on a phone running a test build of Android 6.0.

Android smartphones have become a popular target for criminal hackers looking to steal personal information and break into bank accounts.

Now, researchers at the Slovakian security firm ESET say they've discovered a new strain of malicious Android software called Spy.Agent.SI that could be particularly dangerous to users.

The malware, targeting 20 of the largest banks in New Zealand, Australia, and Turkey, locks up the device's screen unless users give up their login credentials. The malware can also capture text authentication codes sent out by banks – compromising two-factor authentication. 

Hackers disguised the malware as a version of Adobe Flash Player, a widely used tool that runs video and animations on Internet browsers. As with most malicious tools that target Android devices, Spy.Agent.SI only impacts users that download their software from unofficial third-party mobile application stores instead of Google Play.

Once downloaded, Spy.Agent.SI prompts the user to grant it access that makes it hard to uninstall the malware. It then collects and sends a slew of information about the Android phone to an external computer controlled by hackers, including the name of every application installed on the device. 

If the user has a mobile app from one of the 20 banks targeted by Spy.Agent.SI, the malware serves up a fake login page, disguised to capture login credentials and send them to another computer – where they can be used to steal money from bank accounts.

Though hackers designed the malware to go after customers in Australia, New Zealand, and Turkey, Spy.Agent.SI could be easily tweaked to target customers of any bank in the world.

Spy.Agent.SI is one of thousands of increasingly sophisticated Android hacking tools that have surfaced over the past few years. Android’s enormous popularity – more than 82 percent of the world’s smartphones run the Google operating system – has made it a prime target for attackers looking to steal identity information and other data. According to a recent Hewlett-Packard survey, criminals only target one operating system – Microsoft's Windows platform – more than Android. 

Malicious attacks on Android smartphones and tablets accounted for 18 percent of all cybercrime last year compared to about 42 percent for Windows, according to HP. Even more worrying, attacks against Android are growing much faster than most other platforms.

Jon Oltsik, an analyst at the Enterprise Security Group, says there are several reasons why Android has become such a popular target for hackers. Unlike the iPhone’s iOS software, which is completely controlled by Apple, Android's open source code is publicly available to inspect and build upon. “The bad guys can pull it apart, find its weaknesses, and exploit them more easily,” Mr. Oltsik said.

"Second, the Android installed base is huge, much bigger than iOS," he said. "Third, vendors have different versions of Android and don’t always distribute patches in a timely manner."

Android also has a much larger user base than iOS, Oltsik said, and vendors often fail to deliver software patches quickly, giving hackers more leeway to exploit customers, especially in Asia, where users use smartphones for online banking more than desktops.

"So if you want to steal user credentials," he said, "you attack Android."

