iBanking malware can spy on Android users

Security firm ESET has warned it has detected a malicious Android application capable of spying on a users’ communications.

The iBanking app has capabilities including capturing incoming and outgoing SMS, redirecting incoming voice calls and even capturing audio using the device’s microphone.

The app is being sold on underground forums, and has been used by several banking trojans in an attempt to bypass mobile two-factor authentication methods used by some financial institutions and web services firms.

ESET said an analysis of the banking trojan Win32/Qadars has uncovered a Webinject method that seeks to lure Facebook users into installing iBanking by disguising it as a two-factor authentication app for the social network.

This is the first time ESET has seen such a mobile application targeting Facebook users for account fraud, as the download would enable attackers to circumvent the social network’s own two-factor authentication.

Alternatively, cybercriminals may simply be using the Webinject method as a way to ensure iBanking is installed on devices so bot masters can make use of its other spying functionalities.

In a blog post, ESET malware researcher Jean-Ian Boutin said now that mainstream web services are being targeted by mobile malware, the use of Webinjects could become more prevalent.

“Will we see content injection functionalities and mobile malware used in non-financial types of malware so that they can take over accounts from popular web services? Time will tell, but because of the commoditisation of mobile malware and the associated code source leaks, this is a distinct possibility,” he said.

Image courtesy of Intel Free Press under CC