silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
In a detailed report published on his blog, security researcher Lukas Stefanko detailed how a banking Trojan posing as a legitimate phone call recording application steals bankings information from compromised Android devices.
The infected app was installed on more than 10,000 Android devices, and it managed to steal banking credentials even though SMS two-factor authentication was enabled on the test device with the help of Android's accessibility services.
According to ESET's mobile security researcher, the QRecorder Android app was initially a malware-free application but, in a subsequent release, the developer decided to include the banking Trojan to make some quick money.