A new remote access Trojan malware for Android devices, dubbed com.II, is threatening users' mobile banking data, SMS messages and contact lists.
According to a blog by security vendor FireEye, the offending RAT is able to disable anti-virus systems Android users have in place, before scanning for banking apps and replacing them with fake ones. The malware then installs malicious app updates, steals and sends SMS messages and gains access to contact lists.
The blog claims that com.II "takes Android malware to a new level" by combining so many unwanted activities into a single app. The malware contains a feature called Bank Hijack' and is targeting eight banks in Korea, with fears this could quickly expand to many more.
Paco Hope, principle consultant with Cigital and a UK-based malware expert, restated concerns the RAT could pose a significant threat to mobile banking customers worldwide.
Speaking to SCMagazineUK, he said: "Because of its abstraction, it is likely that it will be used to target lots of different banking populations, and will probably be customised by region, language or jurisdiction.
"Malware of this nature also highlights the role the app store plays in securing a device. Users who accept apps from sources other than the official stores run a much higher risk of installing malware. For all their faults, the official Google and Apple stores play a significant role in protecting the average user from malware. The dangers of third-party app sources are very real."
To gain access, the malware poses as a Google Services Framework' asking users to install it with administrative privileges enabled. It then disables the uninstall option. Of 54 anti-virus systems tested by researchers, only five successfully detected the malware.
