It is worth mentioning that the specific sample we discovered targets Russian users; however, Russia often serves as a testing ground for cybercriminals, and well-proven schemes usually go overseas quite quickly. For now, the malware appears to be interested in U.S., German, Belarusian and Ukrainian victims. Currently the Trojan is configured to mimic popular Russian banks. When the mobile banking app is launched, the Trojan replaces the open window with its own to swindle the user out of the password.
Another implemented attack is more versatile, as it targets Google Play users. When a victim launches the Android online market app, the Trojan overlays Google’s window with its own and proposes that the user add a credit card to the account.
During the three months of the Trojan’s existence, Kaspersky Lab has discovered over 50 modifications of this malware, which means that criminals recognize its high “commercial value”. No doubt we will very soon see new versions of the Trojan that will be able to steal from clients of various banks in multiple countries. The current version spreads itself using SMS spam, but other variations might use another infection tactic.
To avoid infection, follow the Android user golden rules:
- Switch off “Allow installation from unknown sources” in security settings
- Use Google Play; do not use untrusted third-party app stores
- Before installing a new app, check every permission requested by this app and consider if those permissions are reasonable for that type of app
- Check app ratings and download counts; avoid applications with low ratings and a small number of downloads