GOOGLE SERVICE FRAMEWORK - APPLICATION OR MALWARE?
Security researchers at the security firm FireEye have came across a malicious Android application that binds together the latest and older hijacking techniques. The malicious Android app combines private data theft, banking credential theft and spoofing, and remote access into a single unit, where traditional malware has had only one such capability included in it.
Researchers dubbed the malware as HijackRAT, a banking trojan that comes loaded with a malicious Android application which disguises itself as "Google Service Framework," first and the most advanced Android malware sample of its kind ever discovered, combining all the three malicious activities together.
By giving the remote control of the infected device to hackers, the creepy malware application:
- steals and sends SMS messages
- steals contacts
- initiates malicious app updates
- scans for legitimate banking apps installed on the victim's mobile phone and replace them with fakes utilities
- attempts to disable any mobile security software or antivirus solution that might be installed on a compromised Android device
IS MOBILE ANTIVIRUS NEEDED? GOOGLE SAYS "NO"
Despite strict warnings from security companies, Google's head of Android security says the majority of Android device users do not need to install any anti-virus solution and other security applications to protect their devices.
Google's security researchers say those who used antivirus or security app on their phone would probably never actually receive protection from it, and because every Android app goes through the Google automated system that checked for every issue, and verified those apps that didn't contain any malware or malicious activities, before they were made available on the app store.
But, the question here is that if every Android app goes through Google Automated System, then why Google Play Store is surrounded by so many malicious apps? Now this really need to answer.
CURRENTLY TARGETING KOREAN BANKS
Coming back to the topic, this malicious Android application cannot be removed from the device unless users deactivate its administrative privileges. The latest version of the malicious app is currently being used to defraud customers of eight popular Korean banks, but could easily be adapted by hackers to target European financial institutions.
"While it is limited to just the 8 Korean banks right now, the hacker could easily add in the functionality for any other bank with about 30 minutes of work," reads the blog post.
WARNING: ROBUST VARIANT COMING SOON
HijackRAT's incomplete functionality appears to be designed to conduct "bank hijacking" attacks, according to an analysis carried out by FireEye.
The unique nature of this malware app, particularly its ability to steal users' personal information from the device and impersonate itself as banking apps, indicates it could be a test attack and an even more robust mobile banking threat could be on the horizon, said the researchers.
SOLUTION: WHAT TO DO?
Since, malware is at rise and specially Android users are facing majority of problems. Have a thought, If any malware is stealing your device messages then the app is definitely taking permissions to read messages and if it is stealing your device contacts then it's taking permission to read your contacts, and likewise for other capabilities.
So, you are advised to read the app permission always before installing it to your phone, and if some application such as messaging app that definitely requires permission to read your contacts, messages, location etc then first check the reviews of that particular app on the Internet and Play Store, and always try to install only the reputed Android app to your device.