Android malware that poses as a Kaspersky security app has been found in Poland, according to security firm McAfee.
A message purporting to be from a bank tells users that their phone has been infected with malware, attaching an application said to detect malware, but which is really the remote access tool SandroRat.
Carlos Castillo, mobile malware researcher at McAfee, said: "Spam campaigns (via SMS or email) are becoming a very popular way to distribute Android malware, which can steal personal information or even obtain complete control of a device with a tools like SandroRat.
"This attack gains credence with the appearance of a bank offering security solutions against banking malware, a typical behavior of legitimate banks."
Released at the end of last year, SandroRat allows hackers to control several Android phones from their computer, and includes file, text message and call managers, as well as a GPS locator.
According to Castillo the malware can also access encrypted WhatsApp logs and the unique key from a Gmail account necessary to render the files into plain text.
He added: "This decryption routine will not work with WhatsApp chats encrypted by the latest version of the application because the encryption scheme (crypt7) has been updated to make it stronger [by] using a unique server salt."
Content from our partners
