Dr.WEB, Russian developer of information security software, has warned users about a new Trojan for Android that can intercept inbound short messages and forward them to criminals. Android.Pincer.2.origin poses a serious threat because stolen messages can contain sensitive information such as mTAN codes which are used to confirm online banking transactions.
The Trojan, discovered by Doctor Web’s analysts several days ago, is a second representative of theAndroid.Pincer malware family. Like its predecessor, this malicious program is spread as a security certificate that supposedly must be installed onto an Android device. If a careless user does install the program and attempts to launch it, Android.Pincer.2.origin will display a fake notification about the certificate’s successful installation and will not perform any noticeable activities for a while.
To be loaded at startup, the Trojan will make sure that its process -CheckCommandServices – will be run as a background service.
If at some point Android.Pincer.2.origin is launched successfully at startup, it will connect to a remote server and send it information about the mobile device, including:
•Handset model
•Device’s serial number
•IMEI
•Carrier
•Cell phone number
•Default system language
•Operating system
•Availability of the root account
