Android Malware Trojan Steals Credit Card Info When You Speak or Enter It
In a recent study, researchers have discovered a very smart and intelligent Anroid Malware, which smartly bye-passes most of the Android security applications present in the security market today.
Codenamed as Soundminer, this tiny bit of code listens and tracks your conversations and data inputs silently in the background until when you say or enter your credit card information. It uses minimum permissions to act itself thus limiting the chances of getting user attention to the bare minimum.
After capturing the credit card information, it transfers this info to yet another trojan horse residing in the Android. This has been nicknamed as Deliverer. Since the Android firmware requires the user permission, if the data is swapped between the applications, this uses yet another smart trick to minimize chances of detection. It uses the phone vibration mode to code the credit card information, which then is picked by the Deliverer and sent to the attacker sitting at the remote server controlling all these malware activities.
Soundminer intelligently “pullsout” sensitive data such as credit card and PIN numbersfrom both tone- and speech-based interaction with phonemenu systems. Soundminer performs ef?cient, stealthy localextraction, thereby greatly reducing the communication costfor delivering stolen data. Soundminer automatically infersthe destination phone number by analyzing audio, circumvents known security defenses, and conveys information remotely without direct network access.