Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play can’t be considered completely safe, as time and time again malware peddlers succeed at fooling its defenses and upload malware for download, masquerading as games and other popular apps.
Kaspersky Lab researchers have recently discovered a slew of apps carrying the Carberp-in-the-Mobile (CitMo) component that allows criminals to steal mobile transaction authentication numbers (mTANs) sent by banks.
In conjunction with the information provided by the Carberp Trojan installed on the users’ computers, the criminals have all they need to access the users’ bank accounts and bleed them dry.
The CitMo components were packaged as mobile applications from Russian Sberbank and Alfa-Bank, and popular social network VKontakte. Once installed, the CitMo component would work quietly in the background.
The researchers spotted the fake apps last Wednesday, informed Google about them, and the company removed then from the market on Thursday.
Tracing who is behind the publication of such malware is usually impossible, but according to ESET researchers, there is currently only one Carberp group that uses CitMo. Unfortunately, they aren’t ready to share information on them, as an investigation into their activities is likely ongoing.
In the meantime, the Carberp Trojan is likely poised for an explosion as, according to RSA, the team that developed it recently began to sell it and rent it to anyone who can afford it.