MOSCOW–The threat from keystroke logging has long been identified with desktop and laptop computers. But now a new analysis is suggesting keystroke logging malware, which can steal usernames and passwords, has begun to emerge on mobile devices.
The threat comes at the same time researchers said they saw a 15% increase in financial malware during the second quarter of 2016.
According to a new report from security firm Kaspersky Lab, the so-called “overlay malware” can impersonate login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers.
Kaspersky Lab reported the malware can automatically download when users visited certain Russian news sites, without requiring users to click on what to date has been scammer’s preferred method of attack, the malicious advertisement. The new overlay malware prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages, according to Kaspersky.
The Kaspersky report calls the malware "a gratuitous act of violence against Android users."
In response, however, Google, the manufacturer of the Android technology, said the issue has since been resolved.
Meanwhile, Kaspersky Lab also reported they have seen a 15.6% increase in the number of financial malware in the second quarter of 2016, compared to the previous quarter.