The SpyEye banking trojan that’s been affecting PC users has now made its way onto Android. The developers of the malware have created a trojan called Spitmo which is made to target Android users by asking already infected desktop users to install their special “security software” in order to work with their bank’s online services on their mobile device.
If you’re gullible enough to take the bait your SMS messages will then be intercepted and uploaded to the crooks’ servers. Why SMS messages? The SpyEye developers have use the trojan to intercept the one-time SMS pass codes many banks use as a key defense to thwart password logging software.
If you think the problem of malware is a unique to Android, researches also found that SpyEye’s Android malware appears to be similar to a banking trojan used to steal SMS messages from Symbian devices.
This is all pretty scary stuff but once again, if it isn’t in the Android Market — don’t download it. And knowing is half the battle.
[Via TheRegister]
The way I understand this, is that you get infected on your Windows machine.. It installs a bot, and key logger.. When you go to a bank site (on your PC) that does things they way they want it to (I guess the bank SMS’s some kind of pass code to your phone), it will pop up some security warning telling you you need to install some password protection software on your phone.. This software then steals your SMS passcode.. So they have your bank account username and password, and the passcode, and those 3 things are all they need to start draining..
.
.
I am again glad that I use Linux.. It’s not as many think, that these malware writers don’t attack Linux because there are less users.. It’s because Linux handles executables differently, and tricking someone to run an executable, or running it secretly is extremely difficult.. As to the Second half of this 2 part scheme, I can not find any information on where the dupes are supposed to install this to their phone from ? .. I would think that the number of victims would be low, but I suppose if people try really hard they could fall for this.. suppose it doesn’t take many to make it worth the risk for these bastards.
This doesn’t “secretly” run any executable. It asks you to install security software, and the user allows it to run. That’s not a secret.
The difference between Windows users and Linux users, is that the average Linux user is more knowledgeable than the average Windows user about computers as well as security. If it was written for Linux, the *average* Linux user wouldn’t have the virus on their computer in the first place because they (for the most part) understand how to remain safe on the internet more than the *average* Windows user.
That being said, I am a Windows user and have not had anti-virus on my computer for 7-8 years now. Not because I’m stupid, not because I’m poor and can’t afford it. Because it slows down the PC like crazy, and I know how to stay safe on the internet even without anti-virus. But I am not the *average* Windows user.
What are you running? Windows 98 and Intel 486?
On the PC side is where the Bot and key logging software are installed, and you would never know
Okay excuse my ov since it makes me trashy.
Linux is not just for advance users yes Linux user are more aware ov there software but has nothing to do with that. Linux the root system compared to Windows is not part ov the user you need su to even change anything in the linux root system. Im going to f this up but if not mistaken vista actually tried this keeping the root system separate from the user files. Basically in Linux your just a user you have no control as just a user to change, modify or remove root system files unless you have permission hence Super User. Now if you where to d/l a linux app then not knowing the source ov the app it had a virus and you did like in ubuntu sudo then enter your password your screwed just as if you where using Windows. Windows problem is that there is no guideline what so ever I could go into your computer on my own account remove a system file and it would corrupt your whole system. Now come to my computers that run Unix and Linux ill aloow you to try and remove, modify or change my root file system ill tell you god speed and i hope you have atleast 3 years to kill to hack my password to gain SU then I give you mad props to if you can.
But I can agree its education is key for sure. I used Windows til 95 then left to go to and study Linux. My mother wasnt happy at that time but now shes happy cause it paid off.
if you don’t have anti-virus software installed on your computer… how would you know if your computer is actually infected or not? There is nothing to prevent or even inform you that your computer is actually infected… Heck… your computer might have over 100 viruses already… Hackers are probably laughing their pants off right now and monitoring your every key stroke and draining your bank account couple of dollars a day for the last 7-8 years… This goes for all Mac Users as well… Since most of the Mac Users don’t have anti-virus software installed on their Mac… how would they know if their computer was already infected?
Amd knowing is half the battle. Irony is most ov these viruses and malware attacks are more common when people are doing something our stealing something you should ov paid for in the beginning. Note I understand this might not be the case but most ov the reported malware I seen was put in pirate games I say it serves them right crime doesn’t pay. But I think Android needs to crack the whip thou and button up malware on the market cause it’s there just waiting to be released.
Most Linux users are the ones that are doing the hacking you can’t hack using windows and why shit where you eat.
Besides what I stated Linux works different from my research I found that Linux and UNIX are closely related to what a true operating system suppose to be compared to Windows. But with needing user permissions in order to change anything to the file system it’s hard for anything to survive the Linux ecosystem. But there are viruses out there so Linux is not even safe but is the safest thou.
What the hell is with this whole spelling of “ov”???? It looks idiotic and makes people sound extremely trashy.
You know what I personally dont care. I dont set trends nor make them i use ov instead of if you got a problem skip over my comments. I use ov since i was in a black metal band at the age ov 10 so I dont care. If that makes me trashy cool but this has nothing to do with the article posted so thanks for the sidebar but really don’t care. FYI do some studying into the history ov cultures and you’ll find out in some countries it was illegal in the dark ages and other eras you couldn’t use certain letters F being one ov them if your a polish american youll know there are a few letters we cant use Dyngus Day why there no i instead ov the Y they use cause its banned and not allowed to be used theres your lesson know waste a teachers time thats what they get paid for
Why not just run winconfig permissions on your desktop? Wouldn’t that save most of the hassle in these executables? I wonder if there is something similar to winconfig on the droids.