New Android malware disguises itself as antivirus app


Users of Android devices may want to verify their antivirus apps before installing them, lest the apps turn out to be malware.

Security vendor McAfee issued the warning after the discovery of the "SandroRAT" malware, which it said initially targets Polish banking users.

McAfee's Carlos Castillo said the malware comes as an attachment in a spam email claiming the user's phone has malware.

"The email tries to scare a user with the following subject:

Uwaga! Wykryto szkodliwe oprogramowanie w Twoim telefonie! (Caution! Detected malware on your phone!)

"The body of the message states that the bank is providing the attached free mobile security application to detect malware that steals SMS codes (mTANs) for authorizing electronic transactions," Castillo said.

He said the app tries to pass itself off as a Kaspersky Labs app, named "Kaspersky_Mobile_Security.apk."

But the app is actually a remote access tool (RAT), dubbed SandroRAT.

"Just as any other Android RAT (such as AndroRAT), the malware can remotely execute several commands," Castillo said.

He said the app can:

- Steal sensitive personal information such as contact list, SMS messages (inbox, outbox, and sent), call logs (incoming, outgoing, and missed calls), browser history (title, link, date), bookmarks and GPS location (latitude and longitude).
- Intercept incoming calls and record those in a WAV file on the SD card.
- Update itself.
- Intercept, block, and steal incoming SMS messages.
- Send MMS messages with parameters (phone number and text) provided by the control server.
- Insert and delete SMS messages and contacts.
- Record surrounding sound.

The RAT can also open the dialer with a number provided by the attacker or execute USSD codes.

But the new threat can also access the encrypted WhatsApp chats and steal the encryption key using the Google email account of the device, though updated WhatsApp apps may offer better protection.

— Joel Locsin /LBG, GMA News
Tags: malware, android