The SpitMo SpyEye hacking toolkit app is targeting smartphones running on the Android operating system according to security vendor Trusteer. The SpitMo is primarily targeting banking web pages. When a user browses to the targeted bank a message is injected, presenting a 'new' mandatory security measure, enforced by the bank, in order to use its online banking service.
The initiative pretends to be an Android application that protects the phone's SMS messages from being intercepted and will protect the user against fraud. Once the user clicks on "set the application" they are given further instructions to walk them though downloading and installing the application.
To complete the installation, the user is instructed to dial the number "325000" to get an activation code to access the bank's site in future, but the call is intercepted by the Android malware and a dummy activation code is returned. Once the Trojan is installed, all incoming SMS messages will be intercepted and transferred to the attacker's command and control server.