
Beware this fake Kaspersky mobile security app

Rivals McAfee uncover Polish Android malware campaign.

By Jimmy Nicholls

Android malware that poses as a Kaspersky security app has been found in Poland, according to security firm McAfee.

A message purporting to be from a bank tells users that their phone has been infected with malware, attaching an application said to detect malware, but which is really the remote access tool SandroRat.

Carlos Castillo, mobile malware researcher at McAfee, said: "Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tool like SandroRat.

"This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks."

Released at the end of last year, SandroRat allows hackers to control several Android phones from their computer, and includes file, text message and call managers, as well as a GPS locator.

According to Castillo, the malware can also access encrypted WhatsApp logs and the unique key from a Gmail account necessary to render the files into plain text.

He added: "This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger [by] using a unique server salt."
