A very profitable line for mobile malware developers is Android Banking Trojans, which infect phones and steal passwords and other data when victims log onto their online bank accounts.
One recent trend is Android malware that attacks users in specific countries, such as European Countries, Brazil and India.
The Antivirus software maker Malwarebytes noticed that a new threat distributed via file sharing sites and alternative markets in the last few months, targets Korean users.
Dubbed as 'Android/Trojan.Bank.Wroba', malware disguises itself as the Google Play Store app and run as a service in the background to monitor events.
"This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server."
According to the researcher, after installation - malware lookup for
existence of targeted Banking applications on the device, remove them
and download a malicious version to replace.
"The malicious version will contain the exact Package Name and look very similar to the legitimate app, but contains malicious code with no banking functionality."
The
attackers aim to obtain login credentials giving them access to the
victim’s bank account and that second installed fake Banking application
will capture the banking information and other useful data to generate
revenue for them.
No comments:
Post a Comment