A Peek at a Program That Lets Hackers Steal Anything From Your Smartphone
By Jordan Robertson
With our lives increasingly linked to our smartphones, it’s scary knowing that the devices are becoming a bigger target for hackers.
Even scarier? How easily criminals can infiltrate and control our mobile gadgets.
Group-IB, a Moscow-based security firm, has found evidence that more than 541,000 phones in Russia, Europe and the U.S. are infected with malicious software that steals banking passwords and text-message security codes. The malware even connects many of the devices with each other in a crude, mass-spying instrument called a “botnet,” which is common in the PC world but exceedingly rare in smartphones.
The findings, which the company shared with Bloomberg.com, show that criminals are getting more sophisticated in their attacks on mobile devices, and that the software used to manipulate infected smartphones is frighteningly simple.
One of Group-IB’s screenshots shows a program with a drop-down menu next to each victim’s phone number. The options for violating the smartphone owner’s privacy include “get images,” “get place” and “start record call.”
Red and green color codes indicate which features are turned on and off. The brand names of the phones and details about their operating systems make the whole thing feel more like an online shopping cart than a criminal’s hacking tool.
Group-IB has a rare view into such things because of its computer-forensics work for Russian law enforcement, financial institutions and energy companies. Much of the mobile malware was designed by Russian-speaking hackers and tested on customers of Russian and Ukrainian banks over the past eight months as the crisis between the countries has erupted, according to Group-IB. The software is now targeting customers of European banks as well.
Seventy percent of the infected devices are in Russia, 20 percent are in the European Union, and 10 percent are in the United States, according to Group-IB Chief Executive Officer Ilya Sachkov.
Criminals are also improving their methods for getting malware onto target devices: Instead of requiring that victims download applications, they are sending the poisoned code through text-message links disguised as software updates, which are more likely to trick people.