A while back we reported on SpyEye, a trojan on the PC which was referred to as the “Swiss Army knife” of hacking toolkits. Through SpyEye, the hackers can issue commands to all the computers that have been infected, stealing information, causing chaos and whatever malicious reasons you can think of. The bad news is that it has apparently made its way onto Android handsets in the form of Spitmo.
First of, in order to be infected by Spitmo, it seems that you would have to be infected by SpyEye first. SpyEye will prompt the user on their computers to install a special “security software” that will work with their bank services on their mobile devices, and by installing this software, your Android handset will then be infected by Spitmo.
If for whatever reason you may have fallen for the trap, what Spitmo does is that it intercepts your text messages and uploads it to the hacker’s servers. For those who do a lot of online banking, one of the ways your bank deals with pass loggers is with an external device that generates a random pass code when pressed, or in some cases your bank will send you a one-time pass code via SMS. If you’re with a bank that uses an external device to generate pass codes, it looks like you’re safe for now. If your bank sends you pass codes via SMS, then it looks like you may be in trouble.
Once again it’s important to stress how you should not download apps from third party app stores unless they’re established, such as Amazon’s Appstore, but even then it’s best to check out the various ratings and comments before downloading the app.