November is off to a rough start for Android phone security, as two virulent strains of malware have been making the rounds. Between a triple-threat data theft attack and a banking Trojan discovered on the Google Play Store itself, these are the threats to look out for this month.
Malware on Android is nothing new, but these attacks are generally simple compared to the types of malware found on other devices. The same cannot be said for the recent Marcher malware, which uses a three-pronged attack to steal user information and banking credentials. Marcher starts its attack with a phishing email delivered directly to a user’s phone. The email takes on the appearance of the user’s bank and provides a misleading link to a fake banking website. There, the user is prompted to input their PIN and personal information. All information entered on this fake banking website gets recorded, and after a failed login attempt the user is prompted to install a separate security app, which contains the actual malware.
When it is installed, the Marcher malware app requests an extensive list of permissions that gives it near-complete control of a user’s phone: everything from reading and sending text messages to changing system settings and even locking the device itself. As if stealing banking credentials and user information directly weren’t bad enough, once Marcher is installed it also overwrites the user’s Android Play Store account and requires a credit card check every time the application is opened.
Early reports of Marcher show that as many as 20,000 people have clicked through the phishing scam email, roughly 7% of whom also went on to install the Marcher malware itself.
While not as advanced as Marcher, our second Android security risk for the month is perhaps more insidious, since it has managed to bypass Google’s screening process and land on the official Google Play Store.
This week marks the third time that BankBot has managed to bypass Google security and end up on the Play Store. BankBot is capable of mimicking a variety of financial phone apps in order to steal user credentials and payment information. Like Marcher, BankBot gains much of its power from the permissions it requests when it is installed. These permissions grant BankBot the ability to read and send instant messages as well as access the internet. Google has already removed the BankBot-contaminated app, but given that this is the third time that the malware has made it past Google’s security screening, it should still be viewed with concern.
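As an added illustration (not code from this article or from any vendor it mentions), the permission-based reach described above for Marcher and BankBot can be checked for in a decoded AndroidManifest.xml before an app is trusted. The sample manifest, package name and the mapping from the article's described capabilities to specific Android permission strings are assumptions; the article names capabilities, not exact permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the capabilities the article lists to Android permissions.
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.SEND_SMS",
            "android.permission.RECEIVE_SMS"},
    "settings": {"android.permission.WRITE_SETTINGS"},
    "network": {"android.permission.INTERNET"},
}
# Locking the device requires a device-admin receiver guarded by this permission.
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest (decoded text form, e.g. as produced by apktool).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.securityapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return {capability: [evidence]} for risky capabilities the app requests."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = {cap: sorted(perms & requested)
                for cap, perms in RISKY.items() if perms & requested}
    admins = [r.get(ANDROID_NS + "name") for r in root.iter("receiver")
              if r.get(ANDROID_NS + "permission") == DEVICE_ADMIN]
    if admins:
        findings["device_admin"] = admins
    return findings

def is_suspicious(findings):
    """Flag SMS access plus network access combined with device control."""
    has_control = "device_admin" in findings or "settings" in findings
    return "sms" in findings and "network" in findings and has_control

if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    print(result, "suspicious:", is_suspicious(result))
```

A flag from this check is a reason to look closer, not a verdict: legitimate messaging and device-management apps request some of the same permissions.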
Unfortunately, Android remains the most vulnerable mobile device operating system. Android’s ease of use and ubiquity make it an ideal target for malware designers. Downloading third-party apps to your smartphone should be avoided whenever possible. If you must download something, make sure that it is from the Google Play Store itself, although, as proven by BankBot, even that is not a guarantee of security. In general, it is always a good idea to keep a close eye on your mobile banking accounts, and a mobile security solution is a good investment if you regularly use your phone to handle important transactions.