Banker Trojans still threaten Android users

Posted: September 24, 2013 in Articles
Tags: ,

Android HackedThe Android’s ecosystem is very open  and as a consequence of freedom, fraudsters easy spread malware.

As the number of people using smartphones to manage bank accounts, cyberhawks increasingly targets to the mobile users.

Banking Trojans on mobile were largely successful targeting older generation operating systems like J2ME and Blackberry, but haven’t made the headway they’d probably like to on Android and iOS”, – said Armando Orozco of Malwarebytes.

According to the expert, in the iOS platform has not been found any Trojan, probably because it is very difficult to put malware in the Apple App Store. The same can not be said about Android, but here banker Trojans are not yet fully settled.

“ZitMo, SpitMo and CitMo can be considered mobile relatives of Zeus, SpyEye and Citadel … They’ve all made a splash on Android and have had some success,” – said the expert. They work by intercepting text messages mTAN (mobile transaction authentication numbers) – an additional factor of user verification – and sends them to the attacker’s server .

One of the most important features of the Android’s ecosystem is the fact that the installation program does not require a certificate. “It shows how open is the ecosystem of Android, anyone can sign your application, and there is no check,” – emphasizes Orozco.

The researcher says that you must be careful when using online banking applications and stop using public WiFi networks in order not to lose their money. Also it is necessary to consult with bank employees about the safety of your application.

The publication of Armando Orozco can be found here .

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s