Happy anniversary! Banking malware targets Google Play
Today is the one-year anniversary of the Google Play store and the company celebrates with a big sale. However, things may not be all balloons and ribbons in Android land. Something darker lurks just beneath the surface of Google's Android marketplace.
Brian Krebs, a former Washington Post reporter who now writes a security blog, found a bit of information that could make your hair curl. Krebs makes a habit of hanging out on the seedy side of the web and he recently hit potential paydirt, encountering a new botkit that is making the rounds and leverages actual verified accounts from the marketplace to trick users into downloading phony banking applications. Krebs spotted a developer purchasing verified Google Play accounts for $100 each on an underground forum.
According to Krebs, "Google charges just $25 for Android developers who wish to sell their applications through the Google Play marketplace, but it also requires the accounts to be approved and tied to a specific domain. The buyer in this case is offering $100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server".
The malware, which goes by the name 'Perkele', does not appear to be overly sophisticated as modern mobile malware goes, but it is still being endorsed by buyers.
Krebs explains how the new malware works: "When the victim goes to log in to their bank account at their PC, the malware Web inject informs the victim that in order to complete the second, mobile authentication portion of the login process, the user will need to install a special security certificate on their phone. The victim is then prompted to enter their mobile number, and is sent an SMS or HTTP link to download the mobile malware".
While many of us may pause at such a prompt, average users likely would not, especially given today's two-factor authentication that a growing number of sites require -- for some reason Google just prompted me to enter a code texted to my phone this morning when I first logged into my account.
Is there something to worry about? Likely not, but it is reason to be cautious, and then again there is always reason for that. If an app prompts you to do something out of the ordinary, go directly to the website -- type the URL into your browser -- and do not click a link. Check it out before you go any further. I know it sounds paranoid but, as the old saying goes, better safe than sorry.