Malware News GPlayed Trojan's baby brother is after your bank account

silversurfer

Thread author
Earlier this month, researchers from Cisco Talos revealed GPlayed, an "extremely powerful" Trojan which pretends to be a Google service when infecting Android mobile devices.

At the time of discovery, the researchers said they believed the malware was still in development due to clues in the code -- but this did not detract from the fact the Trojan was extremely flexible, used obfuscation, and contained strong destructive and data-stealing capabilities.

It has now been found that GPlayed is not the only member of the new Trojan family. On Monday, Talos said that the malware's "younger brother" has also appeared on the radar.

Dubbed "GPlayed Banking," the variant is a banking Trojan built with a specific role -- to target Russian state-owned Sberbank customers who use the bank's digital AutoPay payments service.

The malware appears to be able to spread through phishing campaigns and third-party app repositories in the same way as GPlayed.

The capabilities of GPlayed Banking are not quite as extensive as the predecessor's all-around data stealer functionality but the malware is still able to exfiltrate data from a target device and send it to the operator's command-and-control (C2) server.