Follow Me

Sunday, 8 September 2013

Android Hit With Another Trojan Virus

As recently reported by Russian anti-virus organization Doctor Web, a new trojan malware is on the loose propagating through Android based devices that, among other things, is capable of intercepting the SMS text messages frequently used to facilitate two-factor authentication.  The trojan, which is a form of an already known family of malware called the ‘Android.Pincer’ family, manages to fool unsuspecting users into installing it by posing as a security certificate that prompts that it needs to be installed.
Once the user allows its installation, it then shows another faux message stating the “Certificate installed successfully! Your device is protected now.”  Meanwhile, the malicious app begins to collect personal data from the phone to then forward to remote servers. What’s more is that once the data is sent, the app enters a ‘wait for instructions’ mode during which it can receive commands from attackers, allowing them to begin sending SMS messages from specified numbers, terminate and execute applications on the phone, and intercept incoming messages.
By intercepting incoming messages, this malware is a first of its kind, capable of reading OTPs (One-time passwords) intended for two-factor authentication, hence negating the enhanced security the mechanism provides.
An age where we must be equally as wary of catching viruses on our phones as we are on our PCs is rapidly approaching.  Please ensure that when you hit that ‘allow’ or ‘install’ button, that you’re perfectly aware of whatever or whomever it is you’re allowing access to your data!

previous article
Newer Post
next article
Older Post


Email *

Message *