This dangerous Android spyware could affect millions of devices
source link: https://www.techradar.com/news/this-dangerous-android-spyware-could-affect-millions-of-devices
Banker is on the prowl for reckless Android users again
An updated version of the Banker Android spyware has been detected, stealing victims' banking details and possibly even money in some cases.
According to cybersecurity researchers from Microsoft, an unknown threat actor has initiated a smishing campaign (SMS phishing), through which it tries to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is a malware variant that’s capable of extracting all sorts of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).
What makes this attack particularly worrying is how stealthily the entire operation works.
Granting major permissions
Once the user downloads the malware, they need to grant certain permissions, such as MainActivity, AutoStartService, and RestartBroadCastReceiverAndroid.
That allows it to intercept calls, access call logs, messages, contacts, and even network information. By being able to do these things, the malware can also receive and read two-factor authentication codes coming in via SMS, and delete them to make sure the victim doesn’t suspect anything fishy.
To make matters even worse, the app is allowed silent command, which means the 2FA codes coming in through SMS can be received, read, and deleted, in complete silence - no notification sounds, no vibration, no screen light, nothing.
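When an APK delivered by an SMS link has to be triaged, the capabilities described above are visible in its decoded manifest. The following added example (not from the article or from Microsoft's report) checks a manifest for SMS-reading permissions, contact and call-log access, and start-at-boot receivers; the sample manifest, the package name and `.HypotheticalSmsReceiver` are constructed, and the review heuristic is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
DATA_PERMS = {"android.permission.READ_CALL_LOG", "android.permission.READ_CONTACTS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample (not the real sample's manifest): text form of an
# AndroidManifest.xml as a decoder such as apktool would produce it.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <service android:name=".AutoStartService"/>
    <receiver android:name=".HypotheticalSmsReceiver">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <receiver android:name=".RestartBroadCastReceiverAndroid">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""


def receivers_for(root, action):
    """Names of <receiver> components whose intent filters list `action`."""
    return [r.get(NS + "name") for r in root.iter("receiver")
            if any(a.get(NS + "name") == action for a in r.iter("action"))]


def triage(manifest_xml):
    """Summarise the SMS-reading, data-access and auto-start surface of a manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    report = {
        "sms_permissions": sorted(perms & SMS_PERMS),
        "data_permissions": sorted(perms & DATA_PERMS),
        "sms_receivers": receivers_for(root, SMS_ACTION),
        "boot_receivers": receivers_for(root, BOOT_ACTION),
    }
    # Heuristic (an assumption of this example): SMS access plus start-at-boot
    # is worth an analyst's attention in an app installed from an SMS link.
    report["review"] = bool(report["sms_permissions"] and report["boot_receivers"])
    return report
```

Calling `triage(SAMPLE)` returns a dictionary whose `review` flag is set when both SMS access and a boot receiver are present.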
The threat actors behind the campaign are unknown, but what Microsoft does know is that the app, first seen in 2021, and significantly upgraded since, can be accessed remotely.
The scope of the attack is also unknown, as it’s hard to determine exactly how many people are affected. Last year, Banker was observed attacking Indian consumers only, and given that the phishing SMS carries the logo of the Indian ICICI bank, it’s safe to assume Indian users are in the crosshairs this time around, as well.
"Some of the malicious APKs also use the same Indian bank's logo as the fake app that we investigated, which could indicate that the actors are continuously generating new versions to keep the campaign going," the researchers said.
Via: The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.