Android targeted by Russian gangs with sophisticated new $5,000 banking malware

Russian cybercriminals are targeting Android users with one of the most sophisticated and dangerous attacks ever seen.

Security experts have warned that a thriving black-market for the so-called ‘iBanking’ malware targets online banking to try and steal login details and cash.

According to Symantec the iBanking malware was originally being sold by cybercriminals for up to $5,000 (£3000), but the source code for the attack has now leaked online leading to a huge spike in attacks.

The malware has been described as both sophisticated and expensive, with criminals offering a “software as service” model, including updates and technical support. According to Symantec iBanking typically masquerades as a legitimate social network, banking or security application.

Once installed on a device iBanking will attempt to steal one-time banking passwords sent through SMS and other sensitive information. Attacks can be controlled through SMS and HTTP, giving hackers offline and online control.

The malware can steal information about the device it is installed on, intercept all text messages, forward and redirect all calls, upload contact information, record audio using the microphone, view location data, access files and prevent apps from being uninstalled.

To begin with iBanking was only available on a premium $5,000 subscription, but the code leaked online in February. Symantec reports that this leak resulted in “an immediate increase” in iBanking attacks.

The criminal gang behind iBanking are still developing updates and adding new features with a Blackberry version also in the works.

Android users are warned to never share sensitive data via SMS and never download apps from outside of Google Play. People should also be wary of any SMS messages containing links to download apps.

As the iBanking malware is usually installed via a financial Trojan installed on a desktop computer, it is also important to keep antivirus software up to date.