The SpyEye Trojan has evolved yet again, as the latest version can intercept Short Message Service texts from compromised Android smartphones.
Dubbed “Spitmo,” the new variant is currently being distributed from compromised Spanish banking Websites and targets Android devices, Ayelet Heyman, a senior malware researcher at Trusteer, wrote on the company’s blog. This is the first SpyEye variant for Android. Previous versions targeted mobile devices running Nokia’s Symbian and Research in Motion’s BlackBerry OS.
Users on the compromised Websites are prompted to download and install the malicious app onto their Android device via the mobile browser. After the app is installed, the victims call a telephone number to receive an “activation code,” Heyman said. It’s a cumbersome process to compromise the user, but once installed and activated, the app can then intercept all SMS texts sent to and from the device. The messages are forwarded to command-and-control servers operated by the malware gang.
Ironically, the user is told that the app protects text messages from being intercepted and that it is required before accessing the bank’s online services from mobile devices.
SpyEye is a highly sophisticated malware family that can compromise user accounts and steal personal information. Typically spread from infected Websites, SpyEye also has a number of Zeus features because it merged with the banking Trojan’s source code late last year. SpyEye is available as a toolkit on underground forums, and a cracked version was released recently, making it more likely that more SpyEye variants will be discovered over the next few months.
While the latest version is currently in Europe and Australia, Trusteer researchers expect it to come to the United States soon.