Researchers discover new Android Trojan

Cyber threat researchers have discovered a new Android Trojan called Stels which is designed to steal text messages

Cyber threat researchers have discovered a new Android Trojan called Stels which is designed to steal text messages.

These messages may include Mobile Transaction Authentication Numbers (mTAN Numbers) used for two-factor authentication, according to the Dell SecureWorks Counter Threat Unit.

The Stels malware can also harvest a victim's contact list, send and intercept text messages, make phone calls to premium numbers and install additional malware packages. 

The Android malware is being spread via spam campaigns using malicious emails pretending to be from the US Internal Revenue Service (IRS) via the Cutwail Botnet.

The spam usually entices users into clicking on links that redirect to the Blackhole exploit kit, which looks for vulnerabilities in the user's web browsers and plugins on the Windows operating system.

How to protect against the Stels Android Trojan

  • Do not allow installation of applications that are not distributed through the official Google Play marketplace on the device.
  • Prior to installing applications on an Android device, be wary of the application-level permissions an application requests. 
  • Be critical of applications that request sensitive permissions such as INTERNET and READ_LOGS.
  • Be wary of attachments and links contained in SMS, email and instant messages.

However, because the Blackhole exploit kit is currently unable to exploit an Android device, the attackers are using spam campaigns and a fake Adobe Flash Player update to trick victims into downloading the Trojan.

According to the Dell researchers, 10 of the major mobile anti-virus programs for Android last week failed to detect the Stels malware.

A Stels sample uploaded to VirusTotal on 12 March 2013 was not detected by any of the 44 anti-virus products.

The researchers said Stels appears to use an existing Android crimeware kit to steal sensitive information from a device and can be monetised by sending SMS messages and making phone calls to premium phone numbers.

Stels may be used in conjunction with traditional banking trojans, including Zeus, to bypass two-factor authentication systems that rely on mTAN numbers (sent via SMS) to complete fraudulent Automated Clearing House (ACH) and wire transfers from victims' accounts.

As mobile devices increase in popularity, they become a lucrative target for cyber criminals, the researchers said.

More on mobile malware

The Google Android platform is a popular target due to its large market share and ability to run applications outside of the Google Play app store without jailbreaking the device.

The researchers said they expect attacks against Android devices to continue and advised users to remain vigilant.

Read more on Endpoint security