Variant of SpyEye Targets Android Devices

Researchers at security firm Trusteer claim a new version of the SpyEye Trojan horse program that targets mobile banking users with Android mobile phones and intercepts SMS text messages to and from the phone. However, significant obstacles may prevent it from spreading.

Android SpyeyeResearchers at security firm Trusteer claim a new version of the SpyEye Trojan horse program that targets mobile banking users with Android mobile phones and intercepts SMS text messages to and from the phone. However, significant obstacles may prevent it from spreading.

Writing on the company’s blog, Ayelet Heyman, a Senior Malware Researcher at Trusteer, said that the company had found the malware on a compromised machine in late July.  The variant is the first SpyEye known to target Android devices. Previous versions of the Trojan targeted devices running Nokia’s Symbian and Research in Motions Blackberry operating systems.

The new variant, dubbed “SPITMO,” is distributed from compromised Spanish bank Web pages. USers who visit those sites are prompted to download and install the malicious Android application. Its a cumbersome process that involves the victim pointing their mobile Web browser to a malicious binary hosted online, installing that application, then calling a predetermined number to receive an activation code. Once the activation code has been entered, the installed SpyEye Trojan is programmed to intercept SMS messages to and from the phone. Intercepted messages are forwarded to command and control servers operated by the SpyEye authors.

Needless to say, the multiple steps required to install the malware are making it difficult for it to gain much traction in the wild. However, the new Trojan does suggest that malware authors are grasping the potential of the fast-growing Android install base.

SpyEye is a common and sophisticated family of malicious program designed to compromise accounts and steal personal information. SpyEye is typically spread from infected Web sites, and its authors have been creative in tapping online resources, including Amazon’s S3 cloud, to distribute their wares. SpyEye programs have been linked to prominent Web-based attacks including  has been linked to numerous online attacks, including one on Verizon’s online billing Web site. Within the last year, the SpyEye and Zeus malware families have merged.

Suggested articles