Evil minds keep evolving new attack vectors for stealing information from their targets. This time they have come up with malware in the form of a Trojan that integrates with an Android application and uses an Android feature to record every keystroke, take screenshots and send them back to the attacker’s server. The keylogger is an old-school concept for stealing information from laptop and desktop devices. It can be a piece of hardware or software installed silently on the device; it captures all keystrokes and sends the logs to the attacker in the background.
Android key logger malware
Kaspersky security researchers recently observed a modification of a known type of mobile banking malware called the Svpeng Trojan. It installs silently on Android mobile devices and uses the accessibility feature of Android to steal information. The accessibility service is an Android feature that provides an alternative way to interact with the device through an enhanced user interface, mostly used by users with disabilities or users who are temporarily unable to interact fully with the device. Once the service is enabled, it runs in the background and is managed exclusively by the device without user interaction. The attack footprint has been detected in 23 countries, and it has not yet spread rapidly across the world.
- As the very first step, it tricks target users into visiting a malicious website that poses as a distributor of a fake Flash Player.
- It checks the device's default language. If it is not Russian, it asks for permission to access the Android accessibility service.
- Once installed, it automatically gains device administrator rights and makes itself the default application for calling, messaging and many other services.
- The Trojan now has the privilege to capture every keystroke, take screenshots of user activity and send them back to the malicious server in the background without the user's knowledge.
- It also prevents the user from removing the application from the device.
How to protect yourself
As this type of malware uses a core feature of the Android OS, users have very little choice to protect themselves once attacked. However, there are still some standard prevention techniques that users should follow to avoid being affected:
- Download applications only from trusted sources; avoid mobile-to-mobile transfer and installation of apps.
- Verify all ‘permission required’ options while installing an application. For example, a photo editor application should have nothing to do with phone book or SMS access.
- Strictly scrutinize any application asking for permission to access another application's data.
- Keep all applications up to date.
- Keep the mobile operating system updated.
- Beware of unsafe internet access.
- Use safe browsing whenever possible.
- Use a trusted security and malware protection application.
- Review application permissions frequently.
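An added example (not from the original article or from Kaspersky): a Python audit for the privilege combination described above, where one app holds the accessibility service, device administrator rights and the default SMS role. The sample outputs, package names and allowlist are constructed, and the `dumpsys device_policy` line format is an assumption.

```python
import re

# Constructed sample outputs (not captured from a real device). They mimic:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure sms_default_application
#   adb shell dumpsys device_policy   (admin line format is an assumption)
ACCESSIBILITY = ("com.google.android.marvin.talkback/.TalkBackService:"
                 "com.example.flashupdate/.HelperService")
DEFAULT_SMS = "com.example.flashupdate"
DEVICE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
  com.example.flashupdate/.AdminReceiver:
"""
TRUSTED = {"com.google.android.marvin.talkback",
           "com.google.android.gms"}  # hypothetical allowlist

def packages(components):
    """Package names from a colon-separated 'pkg/.Class' list ('null' -> empty)."""
    return {c.split("/", 1)[0].strip() for c in components.split(":") if "/" in c}

def audit(accessibility, default_sms, device_policy, trusted):
    """Return (package, roles, severity) for every non-allowlisted app that
    holds a sensitive role; two or more roles together are rated 'high'."""
    roles = {}
    for pkg in packages(accessibility):
        roles.setdefault(pkg, set()).add("accessibility")
    admin_re = r"^[ \t]+([\w.]+)/[\w.$]+:?[ \t]*$"
    for pkg in re.findall(admin_re, device_policy, re.M):
        roles.setdefault(pkg, set()).add("device_admin")
    sms = default_sms.strip()
    if sms and sms != "null":
        roles.setdefault(sms, set()).add("default_sms")
    findings = []
    for pkg, held in roles.items():
        if pkg in trusted:
            continue
        severity = "high" if len(held) >= 2 else "review"
        findings.append((pkg, sorted(held), severity))
    return sorted(findings)

if __name__ == "__main__":
    for pkg, held, severity in audit(ACCESSIBILITY, DEFAULT_SMS,
                                     DEVICE_POLICY, TRUSTED):
        print(f"[{severity}] {pkg}: {', '.join(held)}")
```

On a real device, the default SMS app and any accessibility tools the user deliberately installed belong in the allowlist so that only unexpected holders are reported.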
Authored By - Magrabur A Sofily
TCS Cyber Security Practice