If You See These 2 Words On Your Phone, It May Be Hackers

Posted by Zak Doffman, Contributor | 19 hours ago


There’s a new hack targeting smartphones, and you need to beware in case you accidentally install one of these apps on your device. Fortunately, there’s a telltale warning on screen. And if you know what to look for, you can keep yourself safe.

The security team at Zimperium says it has been “actively tracking this sophisticated banker trojan strain” for several months, watching as it has “rapidly evolved in both its distribution methods and capabilities.” Once installed, it will steal your credentials, log your keystrokes and record your screen. It can also install additional malware.


The only way this malware can cause such havoc, Zimperium warns, is to “heavily abuse” Android’s Accessibility Services. These are restricted because they enable an app to control many of your phone’s most sensitive features and functions. That’s why you will see a specific warning when any of these permissions are requested.

The popup you will see will ask whether you want to grant the specific app you have installed “full control” of your phone. Unless this app is tailored to cater for very specific usability needs and you are well aware of that before it’s installed, you must deny the permission request or better still fully uninstall the app.

If you allow that level of access, the malware will “begin executing its malicious actions in the background, including data theft and unauthorized control of the device.”

Zimperium has watched the malware adapt and evolve as it has gained traction in the wild. “The new functionalities include: displaying malicious UI overlays to steal PIN codes or unlock patterns, comprehensive screen recording capabilities, the ability to block the opening of specific applications, and advanced keylogging functionality.”

Almost all of these capabilities require access to sensitive functions on your phone that no normal app will ever need or ask for. The good news is that this gives you something specific to look for, rather than relying on more subtle signs of an attack.

Overlay malware presents a fake screen to you while hiding a real app’s UI in the background. For example, it will overlay your banking app’s login screen and maybe even its 2FA prompt. It can then capture whatever you enter into your phone.


“Captured credentials are secretly saved in the app’s cache directory,” the researchers say, “before being exfiltrated to the attacker’s Command and Control (C2) server. The malware leverages Android’s Accessibility Services to detect when a user opens a specific application, subsequently overlaying a fake UI tailored for that app.”

Google has added more protections around Accessibility Services and developers are warned of the consequences of any abuse. But they remain a core tool in a malware developer’s arsenal. You really do need to deny them by default. Every time.


