Riltok mobile Trojan: A banker with global reach (by Kaspersky)
<blockquote data-quote="silversurfer" data-source="post: 821819" data-attributes="member: 26718"><p>Riltok is one of numerous families of mobile banking Trojans with standard (for such malware) functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European “market.” The bulk of its victims (more than 90%) reside in Russia, with France in second place (4%). Third place is shared by Italy, Ukraine, and the United Kingdom. </p><p></p><p style="text-align: center"><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/06/24124110/mobile-banker-riltok-1.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p> <p style="text-align: center"><strong>Geographic spread of the Riltok banking Trojan</strong></p> <p style="text-align: center"></p><p></p><p>We first detected members of this family back in March 2018. Like <a href="https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" target="_blank">many other bankers</a>, they were disguised as apps for popular free ad services in Russia. The malware was distributed from infected devices via SMS in the form “%USERNAME%, I’ll buy under a secure transaction. youlabuy[.]ru/7*****3” or “%USERNAME%, accept 25,000 on Youla youla-protect[.]ru/4*****7”, containing a link to download the Trojan. Other samples were also noticed, posing as a client of a ticket-finding service or as an app store for Android.</p><p></p><p>It was late 2018 when Riltok climbed onto the international stage. 
The cybercriminals behind it kept the same masking and distribution methods, using names and icons imitating those of popular free ad services.</p><p></p><p style="text-align: center"><img src="https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/06/24124101/mobile-banker-riltok-2.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p> <p style="text-align: center"><strong>Icons most frequently used by the Trojan: Avito, Youla, Gumtree, Leboncoin, Subito </strong></p><p></p><p>Continue reading below:</p><p>[URL unfurl="true"]https://securelist.com/mobile-banker-riltok/91374/[/URL]</p></blockquote><p></p>