A new Android Banking Trojan found on Google play with more than 10,000 installs steals user’s banking credentials and also capable of by bypassing SMS for two-factor authentication.
Security researcher Lukas Stefanko discovered the trojan in the Google play pretended to be QRecorder app that records phone calls.
Once the app launched it requests the user to provide Draw over other apps permission to make the app functioning properly, but the malware abuses it to take control on what to be displayed on the user screen.
By having the overlay permission, the malicious app can draw an overlay at the top of the legitimate application to steal sensitive information from the user.
Threat actors used Firebase messages to communicate with the infected devices, they pass commands to check whether the targeted app installed on the device or not.
According to Stefanko analysis if the targeted baking is installed it requests the user to activate accessibility service and by having this permission it automatically downloads, installs and open the payload without user consent.
Stefanko published a Video on how it abuses the accessibility services and overlays banking app.
Once the app installed it triggers the targeted apps and overlay legitimate app and ask for login credentials. The threat actors primarily targeted German, Polish and Czech banks. here is the list of banking apps targeted.
com.apps.callvoicerecorder DA926010056A75E7DA0DE1292B0FC7C2DCD727A7 gjfid.pziovmiq.eefff E2DB952DFC2BCC65450129CE3A2F0892EF7D3CFB
Newly Discovered Android Malware Stealing Data from Messaging Applications WhatsApp, Viber, Facebook
Android Malware in QR Code apps that Downloaded More than 500,000 times from Play Store
As California grapples with devastating wildfires, communities are rallying to protect lives and property. Unfortunately,…
AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August 2024…
Botnets are the networks of compromised devices that have evolved significantly since the internet's inception.…
The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to develop…
A significant cybersecurity threat has emerged, threatening the integrity of thousands of PHP-based web applications.…
A significant security vulnerability has been identified in the W3 Total Cache plugin for WordPress,…