The mobile Malware developers are introduced the New Android banking Trojan, this will be infect phones and steal passwords and other data when victims log onto their online bank accounts.
They are targeting the Korean users as well as European Countries, Brazil and India. This has been noticed the Antivirus software maker Malwarebytes.
This particular one disguises itself as the Google Play Store app and will run as a service in the background to monitor events. This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server.
According to the researcher, after installation - malware look up for existence of targeted Banking applications on the device, remove them and download a malicious version to replace.
The malicious version will contain the exact Package Name and look very similar to the legitimate app, but contains malicious code with no banking functionality.
The Trojan does a look up of installed apps against a list of targeted apps (BK_ARRAY_LIST in screenshots), if found it will remove and download a malicious version to replace.
This second Trojan will also capture the infected users banking information and other useful data that will generate revenue for them.
In this year we have seen the various Android banking Trojans targeting European and Brazilian banks, Malware developers are expanding their techniques into other platforms it is not surprise to Android.
They are targeting the Korean users as well as European Countries, Brazil and India. This has been noticed the Antivirus software maker Malwarebytes.
This particular one disguises itself as the Google Play Store app and will run as a service in the background to monitor events. This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server.
According to the researcher, after installation - malware look up for existence of targeted Banking applications on the device, remove them and download a malicious version to replace.
The malicious version will contain the exact Package Name and look very similar to the legitimate app, but contains malicious code with no banking functionality.
The Trojan does a look up of installed apps against a list of targeted apps (BK_ARRAY_LIST in screenshots), if found it will remove and download a malicious version to replace.
This second Trojan will also capture the infected users banking information and other useful data that will generate revenue for them.
In this year we have seen the various Android banking Trojans targeting European and Brazilian banks, Malware developers are expanding their techniques into other platforms it is not surprise to Android.
No comments:
Post a Comment