Recently, we’ve noted a steep rise in Android malware and predicted the rise in banking malware, now we see another example in the wild, this time SpyEye. Trusteer has a good rundown on it, saying “It seems that SpyEye distributors are catching up with the mobile market as they (finally) target the Android mobile platform. Ever since Man in the Mobile attacks (MitMo/ZitMo) first emerged in late 2010, SpyEye followed Zeus’ tracks by introducing its own hybrid desktop-mobile attacks (dubbed SPITMO).”
With the rise in users moving their banking transactions to mobile platforms, expect to see quite a bit more banking malware following suit, especially since many users’ guards are down regarding mobile malware, and how to avoid security pitfalls. There will be some time lag between when we see exploits in-the-wild and when users will be reached with training, so as research types and evangelists we should put a concerted effort toward education to avert the impending nastiness. We still see good uptake of our ESET Mobile Security for Android, for an always-on solution, and other vendors have entered the space as well. But the bigger gap will still be the time lag to help users educate themselves to stay safe online. We have our work cut out for us.