FireEye warns of new breed of Android malware

Security researchers have discovered a new breed of mobile banking Android malware

Researchers at security firm FireEye have discovered a malicious Android app that combines private data theft, banking credential theft and spoofing, and remote access.

The app which disguises itself as “Google Service Framework” is the first Android malware sample of its kind, combining all three activities.

The researchers are unsure of the app's origination or distribution, but said it is not connected to the official Google Play Store.

Once the app is installed and activated, it removes itself from the home screen but continues to run in the background.

It enables hackers to use a remote access tool (RAT) to disable any mobile anti-virus software, scan for banking apps installed on the phone and replace them with fakes.

It also enables attackers to initiate malicious app updates, steal text messages, send text messages and access contact lists.

The app cannot be removed unless users deactivate its administrative privileges.

FireEye said the app recognises eight Korean banks but that hackers could quickly add to that number.

The app’s incomplete functionality appears to be designed to conduct what the researchers described as “bank hijacking”.

Given the unique nature of this app, particularly its ability to pull down multiple levels of personal information and impersonate banking apps, the researchers have warned that a more robust mobile banking threat could be on the horizon.

So far, the Virus Total score of the sample is only five positive detections out of 54 anti-virus products, the researchers said in a blog post.

More on mobile malware

Junipers’ Mobile Threats Report: Mobile malware attacks grew over 600%

Mobile malware up 163% in 2012, says NQ Mobile

Android mobile malware rebounds in Q2, reports McAfee

Mobile malware and social malware: Nipping new threats in the bud

Mobile malware on the rise

Mobile security model flawed, says Mobile Helix


Read more on Hackers and cybercrime prevention