New Security App on Android is Malware

By Antone Gonsalves, 19-Jun-2012

Android Security Suite Premium -- loaded with Zeus variant ZitMo -- is a threat to companies given the bring-your-own-device (BYOD) trend.

Google's Android mobile platform is the target of a new variant of a widely used malware capable of stealing personal information.

The latest Zeus malware masquerades as a premium security app to lure people into downloading the Trojan, Kaspersky Lab reported Monday. The fake security app, called the Android Security Suite Premium, first appeared in early June with newer versions released since then.

Such malware presents a threat to consumers, as well as businesses that allow employees to use their personal devices on the corporate network. A Dimensional Research survey of IT professionals found that more than 70 percent said mobile devices contributed to increased security risks and that Android introduced the greatest risk. Issued in January, the report was sponsored by firewall vendor Check Point Software Technologies.

The new Zeus malware steals incoming text messages and sends them to command-and-control servers operated by the attackers. Depending on the apps installed on the Android device, the text could include sensitive data, such as password-reset links.

"It is also important to mention that these malicious apps are able to receive commands for uninstalling themselves, stealing system information and enabling/disabling the malicious applications," Denis Maslennikov, a Kaspersky security researcher said in a blog post. The malware installs a blue shield icon on the smartphone or tablet menu and shows a fake activation code when executed, Kaspersky said. The app uses a series of six command and control servers, one of which was linked to Zeus malware found in 2011.

The new Zeus malware steals incoming text messages and sends them to command-and-control servers operated by the attackers

"The newest variant of ZitMo demonstrates the commitment to effective mobile spyware development and distribution that cybercrime has made," Kurt Baumgartner, senior security researcher at Kaspersky Lab, said by email.

Android application infections increased dramatically in the first quarter of this year, driven by a surge in attacks on personal data, according to the E-Threat Landscape Report released in April by security vendor Bitdefender. Cyber-criminals often hide the malware in apps sold in online stores.

The Dimensional survey found that 65% of the 768 IT pros polled allowed personal devices to connect to corporate networks. Apple's iOS, used in the iPhone and iPad, was the most common platform, with Android coming in third behind Research in Motion's BlackBerry. Android was found in companies represented by one in five of the respondents.

A factor that increases the risk of malware such as Zeus is the lack of employee awareness. More than six in 10 of the IT pros surveyed said employee ignorance had the greatest impact on mobile security.

The types of corporate information most often found on mobile devices were e-mail and contacts. Other information cited by the respondents included customer data, network login credentials and data made available through business applications.

Zeus was first discovered in 2007 as a keystroke logger and form grabber that ran in a browser. The malware is primarily downloaded through phishing schemes or by visiting malicious Web sites. The mobile version of Zeus, called ZitMo, was first discovered a couple of years ago.

In other Android security news, Tokyo police have arrested six men accused of distributing malware through an application downloaded from a porn site, the newspaper Yomiuri Shimbun reported. When launched, the Android app would demand fees and steal the victim's personal information.

The suspects are accused of swindling more than 200 people out of $265,000. Two of the suspects were executives at separate IT companies.

Source: CSO (US)

LATEST NEWS

  • AMD may Build ExactTrak Data-zapping into its Chips, to Compete with Intel vPro

    AMD said Thursday that it signed a deal with ExactTrak to embed the security company's technology inside its microprocessors. While no new products accompanied the announcement, the deal leaves open the possibility that AMD-based PCs could be remotely zapped--yes, literally--by users or network administrators.

  • Intel to Close $15 bn (about Rs 90,000 crore) Deal to buy Altera

    California based global tech giant, Intel, is set to close a deal to buy fellow chip maker Altera Corp. for about $54 (about Rs 3,480) per share, 15 percent more than Altera’s closing share price on Thursday, $47 (about Rs 2,620).

  • Server Sales Bolstered by Cloud Expansions

    Server vendors recorded the strongest shipment growth in over four years for the first quarter, mainly driven by continued investments in the hyperscale server infrastructures that power public and private clouds.

  • Salesforce Doubles Down on Big Data with New Analytics Tool

    All the data "lakes" in the world won't amount to much if you can't figure out what they mean for your business. With that in mind, Salesforce on Thursday unveiled Salesforce Wave for Big Data, a new tool designed to help business users make sense of their information stores using the Salesforce Analytics Cloud.

More news »