Latest Asacub Variant Attacking Android Comes with Added Capabilities

Banker.AndroidOS.Asacub, a malware first spotted during June last year, tainted Android devices, garnered from them saved data, and dispatched the same onto its command-and-control (CnC) server. When in its earliest version, Asacub collected details comprising the Android user's collection of applications loaded onto his mobile device, his contact list and his browser's history. Alternatively, the Trojan was capable of issuing SMS messages as well as shut down device's screen following relevant command.

Initially Asacub appeared as attacking solely Russian-speaking Internauts since within the modifications there were phony log-in sites mimicking banks of Ukraine and Russia. However, security researchers at Kaspersky Lab uncovered a modification that contained a phony website mimicking one big American bank.

Subsequent developments occurred fast and just a month away during July 2015, Kaspersky experts observed Asacub's first evolution. Accordingly, the malware's controllers included the option for pilfering SMS and monitoring and erasing texts in SMS, something necessary whenever Asacub would be utilized for substantiating and concealing fake transactions. Softpedia posted this, January 20, 2016. And as every month passed, newer-and-newer options got added to Asacub such as being able to put off the phone's sound; shut down the screen although the CPU would be on; and further one distant shell, which enabled the attackers towards gaining entry into the mobile device's console, certain feature of typical backdoor.

According to Senior Malware Analyst Roman Unuchek of USA's Kaspersky Lab, it was uncovered that Asacub had links with crooks who hosted web-links leading onto CoreBot a spyware for Windows PCs. The domain which the malware's CnC server relied on was also registered to someone who associated with domains counting several tens for CoreBot. It's thus quite possible that an identical gang is using or developing both the malware programs while expecting huge value by exploiting the consumers of mobile banking. But Asacub, even with all the above capabilities, remained low, exuding occasional contaminations. However, on 28th December, 2015, things turned when Asacub contaminations spiked as also showed high numbers continuously from then on.

For assisting consumers with safety of their finances, Kaspersky Lab provides solutions that effectively spot and stop Asacub.

» SPAMfighter News - 1/27/2016