Researchers at security firm FireEye have discovered a malicious Android app that combines private data theft, banking credential theft and spoofing, and remote access.
The app which disguises itself as “Google Service Framework” is the first Android malware sample of its kind, combining all three activities.
The researchers are unsure of the app's origination or distribution, but said it is not connected to the official Google Play Store.
Once the app is installed and activated, it removes itself from the home screen but continues to run in the background.
It enables hackers to use a remote access tool (RAT) to disable any mobile anti-virus software, scan for banking apps installed on the phone and replace them with fakes.
It also enables attackers to initiate malicious app updates, steal text messages, send text messages and access contact lists.
The app cannot be removed unless users deactivate its administrative privileges.
FireEye said the app recognises eight Korean banks but that hackers could quickly add to that number.
The app’s incomplete functionality appears to be designed to conduct what the researchers described as “bank hijacking”.
Given the unique nature of this app, particularly its ability to pull down multiple levels of personal information and impersonate banking apps, the researchers have warned that a more robust mobile banking threat could be on the horizon.
More on mobile malware
Junipers’ Mobile Threats Report: Mobile malware attacks grew over 600%
Mobile malware and social malware: Nipping new threats in the bud