Defend what you create

Other Resources


My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Back to news

Android.SpyEye.1 compromises mobile devices

September 14, 2011

The leading Russian anti-virus vendor Doctor Web warns users about a new threat to Android. The new malicious program has been added to Doctor Web's virus database as Android.SpyEye.1. This program targeting Android is a modification of the known Trojan horse SpyEye.

If a user's computer is compromised by SpyEye, it significantly increases the risk of infection by Android.SpyEye.1 for the user's mobile device. When a user visits a bank site, whose address is present in the Trojan horse's configuration file, the malicious program injects content such as text and web-forms into the web-page. So the customer loads the bank site page in the browser on their desktop or laptop and sees a message informing them that the new bank security policy has been introduced and in order to get access to their account viathe Internet they need to install a special application that will suposedly prevent interception of ther short messages. Below the user can see a download link of the program, distributed as simseg.apk. The malware size is about 20 Kbytes.

Once it has been downloaded and installed onto a deivce, the application won't appear on the list of installed programs. To find it the user has to open the Settings applet, go to Applications and select Application management. The malware is hidden behind the "System" icon.

In order to activate this application according to the instruction proposed by criminals, the user must call 325000 from the device. Android.SpyEye.1 intercepts the call aid displays the activation code which the user will supposedly need to enter on the bank's web-site later—the code is always the same number 251340.

After that, all short messages received by the infected device will be intercepted by the Trojan horse and forwarded to criminals. Android.SpyEye.1 uses a special XML configuration file to determine command center addresses.

Android.SpyEye.1 may present danger to owners of mobile devices, since it is capable of transfering confidential information into the hands of intruders. The signature of this threat has been added to the virus database incorporated into Dr.Web for Android Anti-virus&Anti-spam and Dr.Web for Android Light.

Tell us what you think

To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.

Other comments

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2021

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124