New Trojan spy steals SMS with mobile devices based on Android

The company "Doctor Web," warns a new version of Spy Android.SpyEye, designed to intercept incoming attackers SMS. This Trojan is hidden behind the application Android Security Suite Premium, alleged that protects smartphones from malicious software. The new version of the Trojan added to the virus database as Android.SpyEye.2.origin, distributed under the pretext of security applications Android Security Suite Premium and has a corresponding icon. After starting the program on your mobile device displays the image of a shield and an activation code.

Android.SpyEye.2.origin is representative of Trojan spy, whose main goal - to get access to SMS, incoming to the mobile user number from the banking system when the number of financial transactions. In these reports contained a one-time code which the user must enter into a special form, to confirm that the monetary transaction. The Trojan monitors the number of system events: SMS_RECEIVED (getting a new SMS), NEW_OUTGOING_CALL (outbound call from your mobile device) and BOOT_COMPLETED (loading the operating system). Cybercriminals have the ability to monitor remotely the Trojan. When a new message Android.SpyEye.2.origin checks whether the text is intended for him the command. If so, a malicious program executes it, and deletes the message. Attackers can use several functions:

The activation mode of operation in which the Trojan sends all new incoming SMS to a specified number, in this case, the target number specified in the command message
Deactivation of the regime
Command to delete the Trojan
If the management team of the incoming message is missing, the information on it is added to a special database. If you find an outgoing call, and after loading the operating system, the Trojan waits for 180 seconds, and then put into the same database of information about the last incoming SMS. If we add this information to the database was done previously, the data uploaded to the server attacks. After processing the incoming SMS Trojan sends the server belonging to the attackers information on the mobile phone number and an identifier of infected devices. Thus, in the wrong hands can get a variety of important data, such as personal correspondence of the victim.