Cron-Linked Malware Impersonates 2,200 Banking Apps


Security researchers are warning of new malware designed to harvest banking and card details, which could be linked to the infamous Cron cybercrime group.

The Catelites Bot shares similarities with the CronBot banking Trojan which was used to steal $900,000 before the group behind it were arrested earlier this year by the Russian authorities.

That’s according to Avast’s head of mobile threat intelligence and security, Nikolaos Chrysaidos, who said it is “likely” that Cron members have used the malware in their campaigns.

The malware is dropped onto victim Android devices via fake apps on third-party stores, malvertisements or phishing pages, and appears on the user’s screen as an innocuous-looking icon called “System Application”.
If the user clicks on it, the malware will ask for admin permissions, and if granted, it will remove the icon and replace it with the familiar-looking Gmail, Chrome and Google Play icons.

The hacker is banking on users clicking on these popular apps at some point, and if they do, the malware will display a fake overlay requiring them to enter their credit card details.

That’s not all: the malware also has functionality allowing it to pose as legitimate-looking banking apps from over 2,200 financial institutions.

“Once you open your own banking app, the malware activates and places a fake overlay on your actual banking app, tricking you into entering your bank login details and also your credit card info. Once you provide this, they have access to your account and credit card,” explained Chrysaidos.
