Breaking News

Tweet TWEET

Global Tech

A Peek at a Program That Lets Hackers Steal Anything From Your Smartphone

Photographer: Getty Images

Your phone has been hacked. Close

Your phone has been hacked.

Close
Open
Photographer: Getty Images

Your phone has been hacked.

With our lives increasingly linked to our smartphones, it's scary knowing that the devices are becoming a bigger target for hackers.

Even scarier? How easily criminals can infiltrate and control our mobile gadgets.

Group-IB, a Moscow-based security firm, has found evidence that more than 541,000 phones in Russia, Europe and the U.S. are infected with malicious software that steals banking passwords and text-message security codes. The malware even connects many of the devices with each other in a crude, mass-spying instrument called a "botnet," which is common in the PC world but exceedingly rare in smartphones.

The findings, which the company shared with Bloomberg.com, show that criminals are getting more sophisticated in their attacks on mobile devices, and that the software used to manipulate infected smartphones is frighteningly simple.

One of Group-IB's screenshots shows a program with a drop-down menu next to each victim's phone number. The options for violating the smartphone owner's privacy include "get images," "get place" and "start record call."

Source: Group-IB

Source: Group-IB

Red and green color codes indicate which features are turned on and off. The brand names of the phones and details about their operating systems makes the whole thing feel more like an online shopping cart than a criminal's hacking tool.

Group-IB has a rare view into such things because of its computer-forensics work for Russian law enforcement, financial institutions and energy companies. Much of the mobile malware was designed by Russian-speaking hackers and tested on customers of Russian and Ukranian banks over the past eight months as the crisis between the countries has erupted, according to Group-IB. The software is now targeting customers of European banks as well.

Seventy percent of the infected devices are in Russia, 20 percent are in the European Union, and 10 percent are in the United States, according to Group-IB Chief Executive Officer Ilya Sachov.

Criminals are also improving their methods for getting malware onto target devices: Instead of requiring that victims download applications, they are sending the poisoned code through text-message links disguised as software updates, which are more likely to trick people.

Activate device administrator? Source: Group-IB

Activate device administrator? Source: Group-IB

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.