Malware News New Android Mobile Banking Trojan Emerges in South Korea

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Zscaler has detected a new Android banking trojan that is currently only active in South Korea, where it infects users posing as a popular antivirus app and then stealing SMS messages and authentication certificates used for banking operations.

Based on technical analysis provided by the Zscaler team, the yet unnamed banking trojan is still under development and seems to be the companion of a desktop banking trojan, but may also be further developed to work on its own.

There are only three main features included in the trojan's code. The first is the ability to talk to its C&C server, from where it receives instructions and where it sends stolen data.

The second is its ability to intercept and steal SMS messages without showing any indicators on the user's screen that a message was received.

This feature is really useful when a banking transaction takes place, and the user receives a confirmation SMS message. If the user doesn't see the SMS, then he or she won't be alerted that a mobile or desktop trojan is ravaging their bank account.
Trojan can steal digital certificates used in financial operations
The third is the trojan's ability to steal files related to South Korea's NPKI (National Public Key Infrastructure), which app makers and banks use to protect financial transactions. If crooks get their hands on NPKI files, then they could impersonate the victim in financial operations. Fortunately, these certificates can be useful only if the trojan gets ahold of login credentials for the app it stole the certificates from.

As you see, there are a few things that the trojan still needs to collect in order to be more dangerous, but crooks have a habit of churning out new malware versions at quite a rapid pace.

Currently, Zscaler warns that crooks are distributing the trojan disguised as a fake V3 Mobile Plus app, which is an Android antivirus engine developed by a local South Korean company and is very popular in the country.
new-android-mobile-banking-trojan-emerges-in-south-korea-508712-3.jpg
 
  • Like
Reactions: shukla44

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top