
Security researchers have discovered one of the most advanced HijackRAT malware apps, designed to steal users’ private data by giving attackers remote access to their Android device. The fake app, posing as ‘Google Service Framework’, is capable of stealing and sending SMS messages, stealing banking credentials and contact lists, and initiating malicious app updates.

Researchers reported the app was one of the most sophisticated to be uncovered. “In the past, we’ve seen Android malware that executes privacy leakage, banking credential theft, or remote access separately, but this sample takes Android malware to a new level by combining all those activities into one app.”

The researchers also stated that the malware is currently being used to defraud customers of eight top Korean banks, but could easily be adapted by the attackers to begin targeting European financial institutions as well.

“We suspected in the near future there will be a batch of bank hijacking malware once the framework is completed,” reported security researchers. “Right now, eight Korean banks are recognized by the attacker, yet the hacker can quickly expand to new banks with just 30 minutes of work.”

Researchers claimed the ‘Google Service Framework’ app is especially dangerous because it was developed to bypass most traditional antivirus tools. The malware app appears with the default Android icon and has the package name ‘com.ll’. However, it is still unclear what the replacement fake banking apps are designed to do.

Malware has been a rapidly growing concern for Android users, who continue to be a prime target for increasingly advanced mobile threats. Researchers also warned that, given the sophistication of this imitation app, more robust mobile banking threats could be seen in the near future.

In hopes of mitigating the issue, Google announced plans to integrate Samsung’s Knox security solution into its next software update.
