Thursday, June 13, 2024

Dangerous Android Malware that Steals Banking Credentials, Call Forwarding, Keylogging, and Ransomware Activities

A new Android malware that contains the functionalities of Banking Trojan, call forwarding, audio recording, keylogging and Ransomware Activities. The malware targeted the popular banking apps such as HFC, ICICI, SBI, Axis Bank and other E-Wallets.

The malware operator needs more user interaction to be a successful attack, it continues to force the users in a continuous loop until the permission for AccessibilityService is granted. By having the AccessibilityService enabled it allows the malware to abuse any permission without user concern.

Quick Heal researchers spotted the malware that performs a number of activities based on the commands received from the C&C server.

Android malware

Android Malware Features

Once the targeted application is launched it displays an overlay phishing login form over its window and asks for confidential information such as the username and password. Overlay attacks allow an attacker to draw on top of other windows and apps running on the affected device.

Android malware

The main APK file is highly obfuscated and the strings are encrypted, it also adds junk data to make it difficult for reverse engineering.

It also uses to check whether the user has play protection enabled or not if it is not enabled it to display fake alerts “The system does not work correctly, disable Google Play Protect” and asks users to disable it.

Android malware

Also, researchers spotted that if the user’s trying to uninstall the application the malware shows an alert with “System Error 495” message.

Threat actors used Twitter accounts for C&C communication, attackers post the encrypted C&C server address in Twitter and the malware takes the encrypted address from Twitter account.

If the malware receives the command “cryptokey” it encrypts all the files in victim’s device and renames it with the extension “.AnubisCrypt”. Once the encryption is done it shows the ransom note and blocks windows screen by showing Window WebView.

Quick Heal Security Labs published a blog post with a complete list of targeted apps and Indicators of compromise.

Also Read

Trickbot Malware Re-emerging via MS Word Documents with Powerful Code-Injection Technique

PhishPoint – Hackers Uses New Phishing Technique To Steal User Credentials

16 Years Old Australian Teen Hacked into Apple’s Secure Network & Download the Sensitive Files


Latest articles

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...

Firefox 127 Released With patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles