SpyEye targeting Android users - just a copy of Zeus's strategy?

In the world of Windows malware, SpyEye is a widespread malicious toolkit for creating and managing botnets. It is designed primarily for stealing banking credentials and other confidential information from infected systems.

SpyEye is a major competitor of the infamous Zeus toolkit.


Zeus (also known as ZBot) generated a lot of interest in the mobile security community a couple of months ago when an Android version was discovered.

Of course, we did not have to wait long before a version of SpyEye targeting Android was also developed, and sure enough a malicious SpyEye Android app was discovered a few days ago.

The functionality of Zeus and SpyEye on Windows is quite similar, so I was curious as to how similar their respective Android versions would be.

Zeus for Android purports to be a version of Trusteer Rapport security software. This social engineering trick is used in an attempt to convince the user that the application they are installing is legitimate.

SpyEye for Android, now detected by Sophos products as Andr/Spitmo-A, uses a slightly different but similar social engineering technique.

When the user of a PC infected by the Windows version of SpyEye visits a targeted banking website, and when the site is using mobile transaction authorization numbers, the SpyEye Trojan may inject HTML content which will instruct the user to download and install the Android program to be used for transaction authorisation.

The SpyEye application package does not show up as an icon in the "All apps" menu, so the user will only be able to find the package when "Manage Applications" is launched from the mobile device's settings.

The application uses the display name "System" so that it seems like a standard Android system application.

 

When installed, Zeus for Android displayed a fake activation screen, and Spitmo is again very similar.

However, Spitmo uses different tactics to convince the user that it is a legitimate application.

It applies for the following Android permissions:

android.provider.Telephony.SMS_RECEIVED
android.intent.action.NEW_OUTGOING_CALL


This allows the malware to intercept outgoing phone calls.

When a number is dialed, the call is intercepted before the connection is made and the dialed phone number is matched to a special number specified by the attacker in the alleged helper application installation instructions.

If the number matches, Spitmo displays a fake activation number, which is always 251340.

Once installed, the functionality of Zeus and SpyEye is pretty much the same.

A broadcast receiver intercepts all received SMS text messages and sends them to a command and control server using an HTTP POST request. The submitted information includes the sender's number and the full content of the message.
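The traits described above (no icon in "All apps", the display name "System", and receivers for the two listed strings, which are broadcast action names that an app's receivers register for) can all be read from a decoded AndroidManifest.xml. The following triage check is an added example, not code from the original article or from Sophos; the sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
NEW_OUTGOING_CALL = "android.intent.action.NEW_OUTGOING_CALL"
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample manifest (not from a real APK) with the traits described above.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="System">
    <receiver android:name=".EventReceiver">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
        <action android:name="android.intent.action.NEW_OUTGOING_CALL"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def names(root, path):
    """Collect the android:name attribute of every element matching path."""
    return {e.get(NS + "name") for e in root.iterfind(path)}


def triage_manifest(xml_text):
    """Return triage findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    actions = names(root, "./application/receiver/intent-filter/action")
    perms = names(root, "./uses-permission")
    if SMS_RECEIVED in actions:
        findings.append("receiver sees every incoming SMS")
    if NEW_OUTGOING_CALL in actions:
        findings.append("receiver sees dialed numbers before the call connects")
    if SMS_RECEIVED in actions and "android.permission.INTERNET" in perms:
        findings.append("SMS receiver plus INTERNET: messages can leave the device")
    # A launcher category on any activity or alias is what creates the app icon.
    if LAUNCHER not in names(root, "./application//category"):
        findings.append("no launcher entry: app is absent from the app list")
    # Only literal labels are checked; @string/ references need resource lookup.
    app = root.find("application")
    label = app.get(NS + "label", "") if app is not None else ""
    if label.strip().lower() == "system":
        findings.append("display name imitates a system component")
    return findings
```

The manifest inside an APK is binary XML, so it has to be decoded to text (for example with apktool) before this check can read it. No single finding is conclusive on its own; the combination is what matches the behaviour described here.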

So far, it does not seem that this attack is widespread, but it shows that the developers of major malicious toolkits are closely watching their competition and matching the latest features.

It also seems that support for Android is increasingly becoming an important part of their product strategy.
(NakedSecurity)