'Most Dangerous’ Banking Trojan Receives Update

As per the report of Kaspersky Lab that was released on Monday, the latest version of Android banking malware Svpeng added a new method for stealing data. Authors behind family of Android banking malware Svpeng added the keylogger to the latest strain.

The sr. malware analyst of Kaspersky Lab namely Roman Unuchek, said on Monday that he has discovered a new version of Trojan in the middle of July. Roman Unuchek says that keylogger takes advantage from the Accessibility Services, which is a feature of Android assisting the users having disabilities, or assisted the users to access the apps at the time of driving.

The cybersecurity firm said that Svpeng is created to steal banking credentials via different means, now implants itself in accessibility services of Android - the software which helps users with disabilities to direct apps and devices. Thehill.com posted on July 31st, 2017, stating that Svpeng is now capable of stealing any data in a text box and logs all keystrokes.

However, Unuchek added that latest version of malware is not widely used at present. Svpeng was one of the first malware that steal from the SMS banking and also overlay phishing applications over the banking apps for stealing credentials. Svpeng alongwith another family, Fusob, are tied to the spike in the mobile ransomware attacks in Q1 of this year. As per researcher, the latest iteration of the Svpeng checks language of the device. In case the language is not Russian, then it will ask device to use the Accessibility Services, something which can subject device to many dangerous outcomes.

Unuchek said on Monday that he was not surprised to find attackers who are behind the Svpeng, had started embracing the keyloggers and also abusing accessibility functionality of Android. Almost all dangerous functions common for the mobile banking Trojans (first)has appeared in the Svpeng. Unuchek says that once afforded ability of accessing inner workings of the other applications on device, then Svpeng could steal the text that was entered on the other apps as well as capture screenshots, information which is immediately fired off to C&C server of the attacker.

Svpeng was one of the first to target attacks at SMS banking, to use phishing pages to cover apps in trying to collect credentials and block devises and then demand ransom amount. That is why, it is so important to monitor and analyze every new variant.

» SPAMfighter News - 8/8/2017