Android RAT impersonates Kaspersky Mobile Security
Posted on 05.08.2014
A clever malware delivery campaign impersonating well-known AV vendor Kaspersky Lab is actively targeting Polish Android users.


It all starts with a spam email sporting the firm's logo and warning users that a "virus" designed to steal SMS codes (mTANs) used to authorize transfers has been detected on their phones.

The email claims that the scanning of the phone was done by Kaspersky Lab, which has been commissioned to do so by the users' bank. "To prevent theft of cash from your account, please promptly install Kaspersky Mobile Security Antivirus on your mobile device," it urges, and apparently helpfully offers the security solution in the attachment.

Unfortunately, the attached file - Kaspersky_Mobile_Security.apk - is not a security solution, but a variant of the Android SandroRAT, whose source code was made available for sale on online forums late last year.

This malware can steal the users' contact list, SMS messages, browser history, bookmarks and GPS location, intercept incoming calls and text messages, send text messages, update itself and download additional malware, use the phone's microphone to record surrounding sounds, and more.

"A novel functionality of this threat is its ability to access the encrypted Whatsapp chats and obtain the unique encryption key using the Google email account of the device to get the chats in plain text and store them in the file waddb.sr," McAfee researchers revealed. This functionality does not work if the user has the latest version of the popular app.

"Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware," the researchers warn. "This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks."








