As reported yesterday, Trusteer has discovered a virtually undetectable Android trojan called SpitMo that links with the infamous SpyEye Windows malware.
According to Dinesh Venkatesan of Total Defense's security research division, one of the core payloads of SpitMo is to intercept the incoming messages and send the content to a remote server, which is a similar approach seen in the Zeus of Android attack, he notes.
After infecting an Android emulator with SpitMo, Venkatesan generated a text message from another device and watches the malware intercept the text, and route it to an online command-&-control server.
After analysing the code hooks used, he was able to trigger the payload again, but controlling the flow of the execution using the hooks concerned.
“As mentioned earlier, this sample [shows that] straight forward and proper user education is the most viable solution for such social engineered trojans. As always we suggest users to exercise basic security principles and use a mobile security suite while operating your smartphone in the wild”, he says in his latest security blog.