The mobile world will continue to witness attacks from unscrupulous malware developers.
This time, it’s Android HijackRAT malware which has fake utilities capable of replacing original mobile banking apps. This new attack imitates “Google Service Framework.”
|Infographic source: Visual.ly|
|The Fake “Google Service Framework” icon in the home screen. Source: FireEye|
In the cyber world, RAT stands for Remote Access Tool, which lets someone connect to your device and take total control of it.
In hacking it is also called a Remote Access Trojan, and it is considered one of the most dangerous viruses, with the strength to carry out basically any task on your device.
- Google Service
“A few seconds after the malicious app is installed, the “Google Services” icon is clicked, the app asks for administrative privilege. Once activated, the uninstallation option is disabled and a new service named “GS” is started. The icon will show “App isn’t installed” when the user tries to click it again and removes itself from the home screen.”
|The structure of the HijackRAT malware. Source: FireEye|
Since this security breach report was published on July 1, 2014, military sources from South Korea have accused North Korea of doubling the number of government hackers it employed.
Given the hacking and counter-hacking that result from diplomatic tensions between Pyongyang and Seoul, the FireEye discovery is sincere research that should put security experts around the world on their toes.
If it happened to South Korea, any other country may as well be a target.
- It cunningly looks like “Google Service Framework”, but it is not related to, and has no affiliation with, the Google Play Store.
- It takes over the remote access tool (RAT) to perform its tasks.
- It steals private data on the Android device.
- It gains access to banking credentials after crashing the installed anti-virus software.
- It steals SMS and can send SMS.
- It hijacks contact lists.
- It initiates malicious app updates because it usurps the real service framework, which is the passage through which this kind of action is successfully executed.
- It scans for banking apps installed on the phone.
- It can also replace original and real banking applications with fake ones with utilities similar to the original bank apps.
- It disables any mobile security app installed on a compromised device.
- If you always visit and download files and other materials from suspicious websites, you may soon be a victim.
- If you choose to download from third-party Android stores, you may be opening your device to malware intrusion.
- If you download from the Google Play Store but fail to read an app’s permissions carefully before installing it, you are still at risk: an app might have followed Google’s guidelines and still be requesting access to your private data in unusual ways.
- If you discover that your device is malware-infected and continue to use it without taking security measures such as formatting it or reporting suspicious activities in your account to your bank, you’re a victim in waiting.
- If you have skipped upgrading Android to the latest version, you might be carrying the old security loopholes around.
- If you don’t care about installing a trustworthy anti-virus app on your device, your device is a free-for-all. Features of some anti-virus apps include anti-theft protection, safer web browsing, device tracking, remote wiping, and information about which app has access to your information.
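
The behaviours FireEye describes above (a Google-lookalike label, device-administrator privilege, an icon that removes itself, a service named “GS”) can be turned into a simple triage check over an app inventory. The sketch below is an added example, not code from FireEye or from the malware analysis; the inventory format, the `com.example.*` package names and the thresholds are assumptions made for illustration.

```python
from difflib import SequenceMatcher

# Labels the page says the malware imitates or displays.
IMITATED_LABELS = ("Google Service Framework", "Google Services")
# Assumption: packages in this namespace are treated as genuine here; a real
# check would also verify the app's signing certificate.
TRUSTED_PREFIX = "com.google.android."
SUSPICIOUS_SERVICE = "GS"  # service name quoted in the FireEye description

def _norm(text):
    """Lower-case and drop spaces/punctuation so lookalike labels compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def label_imitates(label, threshold=0.85):
    """True when the label is a near match for one of the imitated labels."""
    return any(
        SequenceMatcher(None, _norm(label), _norm(known)).ratio() >= threshold
        for known in IMITATED_LABELS
    )

def triage(app):
    """Return the indicators from the page that this inventory entry matches."""
    hits = []
    if label_imitates(app["label"]) and not app["package"].startswith(TRUSTED_PREFIX):
        hits.append("google-lookalike-label")
    if app["device_admin"]:
        hits.append("device-admin")
    if not app["launcher_icon"]:
        hits.append("hidden-icon")
    if SUSPICIOUS_SERVICE in app["services"]:
        hits.append("service-GS")
    return hits

def flag(inventory, min_hits=3):
    """Packages with a lookalike label plus enough other indicators to review."""
    results = [(app["package"], triage(app)) for app in inventory]
    return [pkg for pkg, hits in results
            if "google-lookalike-label" in hits and len(hits) >= min_hits]

# Constructed inventory (hypothetical entries, not real indicators of compromise).
INVENTORY = [
    {"label": "Google Services Framework", "package": "com.google.android.gsf",
     "device_admin": False, "launcher_icon": False, "services": []},
    {"label": "Google Services", "package": "com.example.lookalike",
     "device_admin": True, "launcher_icon": False, "services": ["GS"]},
    {"label": "Corporate MDM", "package": "com.example.mdm",
     "device_admin": True, "launcher_icon": True, "services": ["Sync"]},
]
```

Requiring the lookalike label together with other indicators keeps legitimate device-administrator apps, such as the constructed MDM entry, out of the review list.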