A family of banking trojans for Android has spread beyond Russia, a region it normally targeted, and operates in an aggressive way to replace the default SMS app and deploy phishing screens on compromised devices. Dubbed Riltok, the strain has been known since March 2018 and operated mainly in Russia, where 90% of its victims are located.
Spreading outside Russia
Towards the end of the year, the cybercriminals behind it created a version destined for English speakers. In January 2019 occurred Riltok variants for Italian and French victims.
Other detections were recorded in the U.K. and Ukraine. From the European countries, most of the infections are in France (4%).