New banking Trojan Attacks Android Devices

Symantec the security company has detected Android.Bankosy, a malware that steals information, while depicts standard features belonging to financial Trojans hitherto known. But additionally, this new threat as well features call forwarding abilities. Consequently, it's capable of sniffing dual-factor authorization codes no matter whether they're conveyed through voice calls, mechanism which banks quite familiarly employ. SecurityWeek posted this, January 13, 2016.

The threat that FireEye first identified during mid-December, and which the research company has been examining describing it as one viscous Android banking malicious program, has many more characteristics, it said, including a far extended assault chain which aids its concealed presence.

During early-December, one fresh info-grabbing Android Trojan known as Rootnik attracted researchers' attention that contaminated systems through Root Assistant, name of one commercial root program. Doctor Web the anti-virus vendor from Russia cautioned about ZBot, a malware sample created for pilfering users' sensitive data while running malicious code from those victims' smart-phones.

Besides, Android.Bankosy can also erase SMS messages, tap incoming SMS, erase stored data, as well as issue more commands that any type of financial Trojan supports. Over and above it makes possible call forwarding from a contaminated device.

Further, a support from the backdoor disables and enables the silent mode feature of a device while locks it. Thus, victims don't get to know when a call comes in. This capability has proven particularly useful within Asia-Pacific countries the place for device owners having one special service program for disabling/enabling call forwarding.

The malicious act works with first setting call forwarding on the victimized user's system, thus aiding the attacker for starting transactions after he has already filched the user's confidential credentials related to "two-factor validation's" first factor. Immediately, the device then asks the user to feed in the 2nd factor following which attacker uses call forwarding to tap the call as well as subsequently finish the transaction.

Symantec, which found the command-and-control infrastructure of the campaign and also accessed its login web-page, noticed that the registration of majority of the domains occurred during beginning-December 2015; however, the bad guys operating them discarded them to shift onto fresh ones.

» SPAMfighter News - 1/19/2016