New banking Trojans for Android detected

Eight new Trojans disguised as licensed programs were found on Google Play, according to ESET experts. After being downloaded and installed, these programs requested "superfluous" rights from the user, then accessed the user's bank data and passed it on to attackers.

ESET antivirus developers warned about a new family of Trojan loaders in the Google Play app store that masquerades as legitimate programs, uses a multi-level architecture and encryption, and allows attackers to obtain bank card data.

After being downloaded and installed, the applications do not request "extra" rights and perform the expected actions. The malicious activity remains invisible to the user and is carried out in four phases, the company said.

In the first two stages, two components that are part of the application downloaded from Google Play are decrypted and executed in the background on the device.

At the third stage, the malicious program secretly downloads another application by going to an encoded URL. After a five-minute delay, the user is asked to install the downloaded application, which masquerades as popular software (for example, Adobe Flash Player) or as a non-existent program with a name such as Android Update or Adobe Update. Its task is to decrypt and execute the last, fourth component and obtain the rights necessary for its operation.

The Trojan loader allows attackers to infect devices with any malicious program of their choice. So far, the fourth component is a mobile banker or spyware. In particular, ESET specialists observed the installation of the banking Trojan MazarBot on an infected device. After being downloaded, it displays fake authorization forms to steal online banking logins and passwords or bank card data.

Read more: https://news.rambler.ru/tech/38477831/?

Eight applications with Trojan loader functions were detected on Google Play. After a warning from ESET specialists, the applications were removed from the store.

ESET recommends checking application ratings and reviews of other users, as well as using reliable anti-virus products to protect mobile devices.
