Weather Application of Android Turned Cyber-Weapon to Serve Banking Malware
Android owners who recently downloaded the Good Weather application got somewhat more than just the weather forecast: their mobile banking application was compromised.
To accomplish this, crooks turned the Good Weather application into a cyber-weapon by making a Trojan out of it that would serve a banking malware, Trojan.Android/Spy.Banker.HU, says a blog post by ESET. What makes this attack especially dangerous and successful is the con artists' use of a genuine app, which ESET spotted inside the Google Play Store on February 4, 2017. Scmagazine.com posted this on February 22, 2017.
Having bypassed Google's security defenses, the malicious app appeared in the store on February 4; ESET reported it on the 6th, and the app was then pulled from the store. Notably, during its brief stay, the application managed to infect up to 5,000 devices.
In addition to adopting the weather forecast feature from the genuine app, the Trojan locks and unlocks infected devices and also intercepts text messages. Furthermore, the Trojan targeted users of 22 mobile banking applications in Turkey, whose credentials were grabbed with the aid of fake login forms.
After being pulled down, the Trojan, although it provides the local weather, locks and unlocks the Android phones and intercepts their text messages. It goes after the victims' bank login details using its C&C infrastructure and effectively bypasses the bank's two-factor authentication, since it controls all text message functionality.
After this, devices infected with the Trojan display a fake system screen asking the user to grant device administrator privileges for a fabricated system update. Once the privileges are enabled, the victim unwittingly lets the malicious program reset the screen-unlock password and then lock the device. If no proper remedial action is taken, the Trojan transmits device information to the command-and-control system.
The Trojan can be uninstalled manually. First, go to Settings > Security > System Update and disable 'device administrator privileges.' Then go to Settings > Application Manager > Good Weather and uninstall the malicious application.
» SPAMfighter News - 27-02-2017