Monday, March 11, 2013

Perkele - Android Malware Swipes SMS Messages

via Kreb's on Security...
An explosion in malware targeting Android users is being fueled in part by a budding market for mobile malcode creation kits, as well as a brisk market for hijacked or fraudulent developer accounts at Google Play that can be used to disguise malware as legitimate apps for sale... 

Unsurprisingly, this particular entrepreneur also sells an Android SMS malware package that targets customers of Citibank, HSBC and ING, as well as 66 other financial institutions in Australia, France, India, Italy, Germany, New Zealand, Singapore, Spain, Switzerland and Turkey (the complete list is here). The targeted banks offer text messages as a form of multi-factor authentication, and this bot is designed to intercept all incoming SMS messages on infected Android phones.

This bot kit — dubbed Perkeleby a malcoder who goes by the same nickname (‘perkele’ is a Finnish curse word for “devil” or “damn”) — does not appear to be terribly diabolical or sophisticated as modern mobile malware goes. Still, judging from the number and reputation of forum buyers who endorsed Perkele’s malware, it appears quite popular and to perform as advertised. (more)


Tip: Before downloading an app, check out the name of the app developer. If it's a name you aren't familiar with, do a quick Web search for either the developer's name or the name of the app. Anything questionable about the developer or the application should come up. (more)