In addition to the content of SMS-messages, the Trojan also steals a mobile phone number and an identifier of an infected device.
Representatives of the company, “Dr. Web” found a new version of the malware Android.SpyEye, who steals the incoming SMS-message to the mobile users. This Trojan pretends to be an application Android Security Suite Premium. When you run the program to the user mobile device displays the image with a shield and a specific activation code.
Furthermore it is aimed at stealing Android.SpyEye.2.origin SMS-messages that come to the phone users from the banking systems in the performance of a number of financial transactions. Typically, such a message containing a one-time code that users must enter into a special form in order to confirm the performance of certain operations with financial assets.
The Trojan monitors a number of events on the user’s mobile device: SMS_RECEIVED (getting a new SMS-messages), NEW_OUTGOING_CALL (outbound call from your mobile device) and BOOT_COMPLETED (loading the operating system).
Attackers controlling a malicious program remotely. Virus scans all incoming SMS-message to the presence in the text of a particular team. If it is found, the Trojan executes it. In addition, the analysis of the incoming message malicious program sends to the server data on malicious mobile phone number and an identifier of an infected device.