New Android Virus Forwards Text Messages To Hackers.
A (http://news.drweb.com/show/?i=3549) new Trojan malware infecting
phones is capable of intercepting inbound text messages and
forwarding them to hackers. The malware, called Android.Pincer.2.origin,
is particularly troubling because it can easily thwart the two-step
verification systems employed by online banking, email and social media
The malware, discovered by Russian antivirus company
(http://www.drweb.com/?lng=en) Doctor Web , spreads as a fake security
certificate that tricks users into thinking they need to install it onto
their Android phone. After installation, users will get a notification
that installation was successful, but the malware won’t do any
other noticeable activities on the Android phone. The malware will
instead run in the background, connecting to a remote server to send
information about the Android device including the phone’s model
and serial number, carrier information, phone number and
Once connected, hackers can send the malware various instructions
that will direct it to intercept and forward messages from specific
phone numbers, send new text messages, display a message on the Android
device’s screen, and more.
The ability to specify a phone number to intercept messages from
allows a hacker to use the malware for targeted attacks, stealing only
specific messages that contain valuable information. For example, the
hacker could set the malware to only forward texts received from banking
Two-step verification systems often use cell phone messaging to
verify a user’s identity. The user registers their phone number
with the service, and when they attempt to log in to their account, the
service sends a text message with the password. The user must then use
this password to complete the log in.
The system, which
Dotcom claimed Thursday to have invented , is designed to protect
scams that use malware to send hackers the log in
information. By requiring a second password that is
tr.v. ran·dom·ized, ran·dom·iz·ing, ran·dom·iz·es
To make random in arrangement, especially in order to control the variables in an experiment.
and sent to a device that only the user has access to, not even a hacker
with access to the primary user name and password can access an account.
announced a two-step verification
system on Wednesday after hackers compromised several high-profile
But if a hacker has access to
messages and can set the
malware to forward every message sent from Twitter or a bank, they could
get that password and access to the account. Stay on the lookout and
only install software from trusted sources.
(https://twitter.com/ryanWneal) Follow Ryan W. Neal on Twitter