HijackRAT: Experts warn of "significant development" in mobile malware


The National Fraud Intelligence Bureau (NFIB) is warning of a new breed of malware developed for smartphones which run on the Android platform. Experts say HijackRAT is a "significant development" in mobile malware.

RAT stands for remote access tool. The malware siphons private data from the device, and goes after banking credentials by replacing banking apps with spoofed versions. Most Android malware will do just one of these things but HijackRAT combines all of these activities as well as deleting antivirus software.

It disguises itself as an app called "Google Service Framework", and the NFIB says the delivery method is not currently known. The main target seems to be mobile banking apps as it attacks two-factor authentication systems popular in mobile banking.

So far it has only targeted Korean banks but net security firm FireEye has warned that it could be adapted very easily. The NFIB advises mobile banking users on all platforms to download apps only from the official app store. Before downloading, check what access it requires. If it asks for access to areas which it shouldn't need, then be suspicious.