( Update: check the latest version of Comodo’s mobile security app)
A new type of malware that tricks its victims in to sharing their login credentials in mobile apps has been found affecting Android smartphones.
The malware family, dubbed as overlay malware, inserts a fake mobile app over an authentic app that a user is trying to open and collects every data that the victim keys in, including their two-factor authentication information. The over laying process is rather simple yet ingenious, which is why it poses great risks to Android smartphone users all over the world.
Android is Google’s Operating System (OS) for mobile devices that powers nearly 1.4 billion smartphones globally, way ahead of its closest rival Apple’s iOS.
Overlay malware’s tactic is extremely effective because phone users use mobile apps on a daily basis, with many accessing their banking apps rather frequently. Users usually don’t give it a second thought when opening an app, and especially so when it demands them to provide their login information.
According to reports, the demand for overlay malware such as GM Bot is so high that its asking price in the underground malware market is as high as $15,000.
Android users are advised to update the older versions of OS (Android 5.0 and older) to the latest one and using caution when keying in their details on mobile apps. As an additional means of safety, users should install a trusted anti-malware or antivirus for Android software in their devices. Google Play features a range of antivirus apps to choose from.
The Lucrative Malware Black Market
GM Bot was priced at just $5,000 until a few months back, but its price spiked sharply right after the popularity grew.
Other overlay malware in the fray are KNL Bot, Cron Bot and Bilal Bot, the first two priced at $7,000 while the latter one available for $3,000 respectively. The malware black market operates online where most of the stakeholders are from Russia. The Russian hackers are notorious for authoring and spreading hazardous malwares that evade the latest capabilities, especially in the US market.
The codes behind GM Bot was leaked online some time back, making it easier on antivirus for Android programs to identify and block it from a victim’s phone, but cybercriminals are reportedly working on it to beat anti-malware and internet security suites. Hackers are known to tweak the original coding in known malwares and make them indistinguishable to antivirus for Android software.
As is the case most of the times, the market for malware is more lucrative and widespread in Android platform than the iOS or Windows mobile OS. Off late, it’s not the money-grubbing cybercriminals who want to steal user data, but many professional organizations including state governments, intel agencies and even businesses are equally in the ploy to achieve their vested interests.