Friday, May 31, 2013
Trojan that captures SMS, making two-factor authentication dangerous
The main feature of the malware, identified by Dr. Web as Android.Pincer.2.origin, is that it intercepts all SMS messages arriving on the infected device and sends them to the attacker.
The Dr. Web specialists who found the Trojan note that it is disguised as a security certificate. This helps cybercriminals convince potential victims that it simply must be installed.
After infecting a system, the malware displays the following message: "Certificate installed successfully and your device is protected now." Meanwhile, it collects all the information about the infected device, in particular the serial number, IMEI, model, operator and operating system data, and the phone number. After completing the data collection, the malware attempts to send it to a remote server.
After sending the data to the attackers, the Trojan awaits further instructions from the cybercriminals. According to the information available about this malware, cybercriminals can intercept and redirect SMS messages coming from certain numbers, send USSD messages from the victim's device, show intercepted messages, etc.
Experts note that Android.Pincer.2.origin is dangerous where two-factor authentication is in use, because the SMS messages it sends to attackers can contain one-time passwords, codes and other sensitive information.