Cron-Linked Malware Impersonates 2,200 Banking Apps

LASER_oneXM

Security researchers are warning of new malware designed to harvest banking and card details, which could be linked to the infamous Cron cybercrime group.

The Catelites Bot shares similarities with the CronBot banking Trojan which was used to steal $900,000 before the group behind it were arrested earlier this year by the Russian authorities.

That’s according to Avast’s head of mobile threat intelligence and security, Nikolaos Chrysaidos, who said it is “likely” that Cron members have used the malware in their campaigns.

The malware is dropped onto victim Android devices via fake apps on third-party stores, malvertisements or phishing pages, and appears on the user’s screen as an innocuous-looking icon called “System Application”.
If the user clicks on it, the malware will ask for admin permissions, and if granted, it will remove the icon and replace it with the familiar-looking Gmail, Chrome and Google Play icons.

The hacker is banking on users clicking on these popular apps at some point, and if they do it will display a fake overlay requiring them to enter their credit card details.

That’s not all: the malware also has functionality allowing it to pose as legitimate-looking banking apps from over 2,200 financial institutions.

“Once you open your own banking app, the malware activates and places a fake overlay on your actual banking app, tricking you into entering your bank login details and also your credit card info. Once you provide this, they have access to your account and credit card,” explained Chrysaidos.