ESET's research lab has detected a malicious Android app capable of spying on users' communications.
The app is titled "iBanking" and the bot has been identified as "Android/Spy.Agent.AF", according to a statement by ESET.
Upon installation of the app the bot gains control of phone-specific functions, allowing it to capture incoming and outgoing SMS messages, redirect any incoming voice calls and capture audio via the device's microphone.
The Slovakia-headquartered security firm discovered the application while monitoring banking Trojan "Win32/Qadars", which was found to be utilising a new JavaScript webinject for Facebook.
The webinject attempts to lure the user into installing the Android application via a message that appears upon logging in to Facebook. The message requests a mobile phone number and operating system under the guise of securing the account.
ESET reports this is the first instance the company has encountered that sees a mobile application targeting Facebook users for account fraud.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
