Sandroid Trojan; From Russia with Love

The smartphone revolution is enabling the harvesting of banking information and credit card numbers in new ways. There were almost 100,000 malicious modifications to mobile malware in 2013, with over 98% connected to the Android platform. Sandroid is the latest high-profile mobile Trojan, wreaking havoc amongst middle-east banking customers.
This botnet is spreading with the help of malicious Android apps. Reliable banks from the middle-east are being used as bait. These include Riyad Bank, SAAB, AlAhliOnline (NCB), Al Rajhi Bank and the Arab National Bank.
Almost 3000 mobile phones have already been infected by the malicious scheme, with an estimated 28,000 text messages intercepted for manipulative use. The Russian spyware was exposed by security expert Brian Krebs.

The hacking methodology is simple. Computers are contaminated with malware using traditional phishing techniques. Pop-up boxes creep up on the screen, asking the victims to download a banking security app on their mobile phone. This obviously is a scam, as these apps are actually spyware that are designed to harvest private information.
Nicknamed Sandroid, this malware intercepts all incoming SMS messages and harvests relevant banking information. The victim’s code, username and password are exposed without much trouble and are automatically transferred to the botnet-master. Krebs traced the botnet activity to a Russian Mobile Telesystems SIM card currently active in Moscow.

Intercepted Bank Messages. Courtesy – KrebsOnSecurity

The good news is that users with even basic Android anti-virus solutions can easily trace the aforementioned malware, which has a simple signature.  Besides adopting safe browsing habits on the computer, Android users have to beef up their mobile security awareness to combat malicious Trojans like Sandroid and other dangerous cyber-threats.

• Use only official operating systems (Kernels & ROMs) provided by the manufacturer and make sure they are up-to-date with the latest security patches/fixes.
• Stay away from underground app markets and refrain from installing software from unknown sources on your smartphone. Make Google Play your only app source.
• Not all apps need system-level permissions. Be very careful during the app installation process and avoid apps that seem to be too intrusive or unusual.
• Free WiFi hotspots are a tempting proposition, but pose a huge security risk. Use only recognized wireless networks and turn off your Bluetooth when possible.
• Try not to use your mobile web browsing to perform financial activities. If really urgent, type the desired address into your mobile Chrome instead of clicking on links.
• Scan your mobile device for viruses, just like on your personal laptops. Change all your passwords immediately if the scan finds and removes any sort of infection.

Sandroid is not a vulnerable app, but official apps do need to be vulnerability-free. This can be achieved by implementing the right tools to create a safe Software Development Life-Cycle (SDLC). Source Code Analysis (SCA), a SAST solution, can be fully integrated into the development process, shortening production times, saving resources and cutting costs.