- May 7, 2016
A new Android banking Trojan capable of spying on users and stealing credit card info is achieving persistency on infected devices by asking for device administrator rights and continuously showing the dialog window until the user gives in.
Researchers at AVAST warn that the new Banker Trojan relies on social engineering and employs various evasion techniques in an attempt to remain undetected on the compromised devices.
The malicious program is installed on the infected devices under different names, including AVITO-MMS, KupiVip and MMS Центр (MMS Center), depending on the sample. After installation, an app icon is placed in the launcher, but the icon is hidden after the program’s first run, to make the Trojan more elusive.
The malware also checks whether it runs in an emulator, and, if it doesn’t, it starts a background timer that shows the Device Admin activation dialog in a continuous loop, even if the user presses the “Cancel” button. However, the dialog disappears if the user gives in and enables device administrator rights for the app.
After gaining admin rights, the malware repeats the process, but for setting the default SMS manager app. By gaining device admin rights, the Trojan makes it more difficult for users to uninstall it, while also allowing its operators to remotely lock the device, researchers say.
Read Full Story: Android Trojan Steals Credit Card Info, Locks Devices Remotely | SecurityWeek.Com