ESET, a proactive threat detection company, analyzed a set of 29 banking Trojans found in Google Play, the official Android store, between August and early October 2018. The apps posed as device boosters and cleaners, battery managers and even horoscope applications.
These remotely controlled Trojans can dynamically target any application found on the victim's device, impersonating it with custom phishing forms.
The effects
In addition, they can intercept and redirect text messages to bypass SMS-based two-factor authentication, intercept call logs, and download and install other applications on the compromised device. The malicious apps were uploaded mostly under different developer names, but the similarities in their code and the shared C&C server suggest they are the work of a single attacker or group.
"Unlike other malicious applications that merely impersonate legitimate financial institutions and display fake login screens, the applications analyzed here are sophisticated mobile banking malware, with complex functionality and a strong focus on stealth," said Camilo Gutiérrez, head of the research laboratory at ESET Latin America.
Once launched, the apps either display an error message claiming they have been removed because of an incompatibility with the victim's device, and then hide their icon from the user, or they actually deliver the promised function, such as showing a horoscope.
The core malicious functionality is hidden in an encrypted payload stored in each application's assets. That payload impersonates the banking apps installed on the victim's device, intercepts and sends SMS messages, and downloads and installs additional applications chosen by the operator. The impersonation is dynamic: the malware can target any application installed on the device by overlaying it with a phishing form as soon as the legitimate app is launched, leaving the victim very little chance of noticing anything suspicious.
The 29 malicious apps were removed from Google Play after ESET researchers informed Google of their malicious nature. Before they were taken down, the apps had been installed by approximately 30,000 users in total.
"Fortunately, this particular banking Trojan does not use advanced tricks to ensure its persistence on affected devices, so if you think you have installed one of these applications, simply uninstall them via Settings > Application Manager / Apps. ESET also recommends checking your bank account for suspicious transactions and considering changing your online banking password and PIN code," concluded Camilo Gutiérrez.
To avoid becoming a victim of this banking malware, ESET recommends:
Download apps only from Google Play. Although this does not guarantee that an application is not malicious, such malicious behavior is far more common in third-party stores, where apps are hard to remove even once they are discovered. The difference with Google Play is that reported apps are quickly taken down.
Check the number of downloads, the rating and the user reviews of an app before installing it from Google Play.
Pay attention to which permissions installed applications request and are granted.
Keep the Android device up to date and use a reliable mobile security solution.
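The article describes the Trojans' capabilities (screen overlays on top of banking apps, SMS interception and sending, call-log access, silent installation of further packages) and advises reviewing app permissions. The script below, an added example rather than ESET's own tooling, turns that advice into a triage check: it parses the `requested permissions:` blocks of `adb shell dumpsys package` output and flags packages whose permission set would enable several of those capabilities at once. The permission strings are real Android permission names; the embedded dumpsys excerpt is constructed for offline use and its package names are invented. The threshold is a heuristic, not an ESET-published indicator.

```python
"""Triage installed Android apps for the permission combination used by the
Play Store banking Trojans described above (overlay + SMS + package install).

Added example, not ESET's tooling. Parses `adb shell dumpsys package` output;
a constructed excerpt with invented package names is embedded for offline use."""
import re
import sys

# Real Android permission names, grouped by the capability the article describes.
OVERLAY = {"android.permission.SYSTEM_ALERT_WINDOW"}          # phishing overlays
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}  # 2FA codes
SMS_SEND = {"android.permission.SEND_SMS"}                    # redirect/forward SMS
CALL_LOG = {"android.permission.READ_CALL_LOG"}               # call-log theft
INSTALL = {"android.permission.REQUEST_INSTALL_PACKAGES"}     # drop more apps

PKG_HEADER = re.compile(r"^\s*Package \[([\w.]+)\]")


def parse_requested_permissions(dumpsys_text):
    """Return {package_name: set(permissions)} from `dumpsys package` output.

    Only the 'requested permissions:' block is read: it lists what the app
    asks for in its manifest, whether or not the user has granted it yet."""
    perms = {}
    current = None
    in_block = False
    for line in dumpsys_text.splitlines():
        m = PKG_HEADER.match(line)
        if m:
            current = m.group(1)
            perms.setdefault(current, set())
            in_block = False
            continue
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = current is not None
            continue
        if in_block:
            if stripped.startswith("android.permission."):
                # Newer builds append ': restricted=true'; keep only the name.
                perms[current].add(stripped.split(":", 1)[0])
            else:
                in_block = False  # any other line ends the block
    return perms


def suspicious_capabilities(permissions):
    """Map a permission set to the Trojan capabilities it would enable."""
    caps = []
    if permissions & OVERLAY:
        caps.append("overlay phishing forms on other apps")
    if permissions & SMS_READ:
        caps.append("intercept SMS (2FA codes)")
    if permissions & SMS_SEND:
        caps.append("send/redirect SMS")
    if permissions & CALL_LOG:
        caps.append("read call log")
    if permissions & INSTALL:
        caps.append("install additional packages")
    return caps


def triage(dumpsys_text, min_capabilities=3):
    """Return [(package, [capabilities])] for apps combining >= min_capabilities.

    Heuristic threshold: an SMS client legitimately needs receive + send, but a
    horoscope or cleaner app that also wants overlays and package installation
    matches the profile described in the article."""
    findings = []
    for pkg, perms in sorted(parse_requested_permissions(dumpsys_text).items()):
        caps = suspicious_capabilities(perms)
        if len(caps) >= min_capabilities:
            findings.append((pkg, caps))
    return findings


# Constructed excerpt mimicking `adb shell dumpsys package`; package names are invented.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.horoscope.daily] (1a2b3c):
    userId=10231
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.RECEIVE_SMS: restricted=true
      android.permission.SEND_SMS: restricted=true
      android.permission.REQUEST_INSTALL_PACKAGES
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.messaging] (4d5e6f):
    userId=10042
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.SEND_SMS
      android.permission.READ_CONTACTS
  Package [com.example.flashlight] (7a8b9c):
    userId=10077
    requested permissions:
      android.permission.CAMERA
"""

if __name__ == "__main__":
    # Usage on a real device:  adb shell dumpsys package | python3 triage.py
    text = SAMPLE_DUMPSYS if sys.stdin.isatty() else sys.stdin.read()
    for pkg, caps in triage(text):
        print(f"{pkg}: {', '.join(caps)}")
```

On the constructed sample only the horoscope app is reported, because the messaging app's receive + send pair is normal for an SMS client. A hit is a reason to inspect the package (developer, install source, whether its icon has disappeared), not proof of infection, and a Trojan that requests fewer permissions up front will not be caught by this check.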