Gugi, Mobile Banker Trojan on the Prowl in Russia

A banking Trojan called Trojan-Banker.AndroidOS.Gugi.c, in short Gugi that emerged on the threat landscape during late-2015 is a discovery of Kaspersky. The threat is presently proliferating across Russia having infected 93% of the total victimized users globally, residing inside the country.

The Trojan is customized to compel end-users into allowing it for superimposing applications, dispatching and reading SMS, dialing numbers to make calls, etc. The malicious program is spread via socially-engineered tricks mostly by sending one spam SMS which lures the recipient into pursuing a tainted web-link.

Gugi has been so created that it steals the mobile-phone owner's banking credentials. This it does by superimposing counterfeit applications on his/her original banking apps. The Trojan as well tries capturing credit card particulars via similar way of superimposing hacker-controlled malware on Google's Play Store application.

Eventually, Gugi has been created for superimposing phishing windows on banking applications with the purpose of filching user-credentials, according to Unuchek. Nevertheless, owners of Android 6 are required giving their consent for application overlays and not let automatic execution. Consequently, this dynamically requires mobile owners to give permission prior to performing potentially perilous operations with any in-app, like making calls or sending SMS messages. Scmagazine.com posted this, September 6, 2016.

Gugi when planted on a device makes effort towards obtaining access privileges the malware needs doing its tasks. Once ready, it exhibits a pop-up having a message telling that more privileges are required for performing activities using Windows and graphics. This' followed with a button "Provide."

Moreover, Gugi seeks for becoming device administrator so it can act like one regular banker Trojan for the host mobile by displaying preset phishing pages that would steal banking credentials as well as SMS messages and contacts from the infected device.

Although Gugi is presently spreading in Russia, it's expected to target users within other regions during the forthcoming period.

And while Kaspersky Lab prepares to publish one report about Gugi, it advises end-users for safeguarding themselves from infection via being cautious with dubious e-mail attachments or web-links, carefully selecting application permission requests, as well as maintaining AV software up-to-date on their mobile phones.

» SPAMfighter News - 9/13/2016