ESET cyber-crime researchers have found mobile banking malware lurking behind every app on a Turkish alternative Android app store. The remotely controlled malware is capable of intercepting and sending SMS, displaying fake activity, and downloading and installing other apps.
Internet security company ESET East Africa has issued an alert warning mobile phone users on the Android platform to be wary of alternative app stores' potential to spread malware such as screen-locking malware.
(TOP: A screenshot of the Turkish alternative Android app store, www.CepKutusu.com).
According to Teddy Njoroge, Kenya Country Manager for ESET, ransomware is a fast-growing problem for users of mobile devices.
“Just like SMS trojans, ransomware threats have evolved over the past few years with hackers adopting techniques that have proven effective in regular desktop malware to develop lock-screen types and file-encrypting ransomware. These have been causing major financial and data losses for years and have now made their way to the Android platform,” he said.
The alert comes after cyber-crime researchers at ESET discovered that www.CepKutusu.com, a Turkish alternative Android app store, was spreading malware under the guise of all the Android apps offered on the site.
When users browsed the Turkish alternative app store CepKutusu.com and proceeded to download an app, the “Download now” button led to banking malware detected as Android/Spy.Banker.IE instead of the desired app.
After ESET researchers notified the store’s operator of the attack, the store ceased the malicious activity. ESET Android malware researcher Lukas Stefanko said this was an entirely new tactic by cybercriminals.
“This is the first time I’ve seen an entire Android market infected like that. Within the Windows ecosystem and in browsers, this technique is known to have been used for some time, but in the Android ecosystem, it’s really a new attack vector,” he said.
Although the misdirection on www.CepKutusu.com was from a legitimate app to the malicious banking malware, the crooks behind the campaign added an exception, a tactic commonly used to increase the chances of staying under the radar for longer.
The hackers introduced a seven-day window after a malicious download during which no malware was served. In that period the user received clean download links, only to be redirected to the malware again on trying to download any application from the store once the period had lapsed.
Although focused on Turkey and parts of Europe, the incident points to hackers' growing appetite for mobile malware that uses masking tactics to hoodwink users, which could soon become the biggest cybersecurity problem yet.
To protect yourself, Njoroge advises that you should always download apps from official app stores and practice caution when downloading any content from the internet. Always pay attention to anything suspicious in the file name, size and extension.
Lastly, use a reliable mobile security solution to protect you from the latest threats.