Mobile Banking Malware “Svpeng” Working as a Keylogger and Steals Contacts and Call Logs

New Banking Malware called “Svpeng” -Trojan-Banker.AndroidOS.Svpeng.ae Discovered with New Advance Futures that working as Keylogger and steals sensitive information such as Entering texts, to send SMS, Call logs and Contacts Details from victims Mobile.

Taking Advantages of accessibility services and abusing the system futures allow this Trojan not only steal the call logs and Entering texts, but also it leads to accessing more permissions and Rights.

According to Kaspersky Researchers, This Trojan Family begin with attacking SMS banking, to use phishing pages to overlay other apps to steal credentials, and to block devices and demand money.

Svpeng Trojan actively monitoring a week and based the  Report, this Mobile Banking Trojan Attacked over  24 Countries and mostly infected Countries in Russia (29%), Germany (27%), Turkey (15%), Poland (6%) and France (3%).

This Malware won’t works and do not Perform any kind of Malicious Activities in the Russian Language running Devices.

Also Read    Machine learning system to create invisible malware’s – gym-malware

How Does Svpeng Malware Infection Perform

Initially, infections Perform the Language Checks and Confirm whether the Language is Russian.if the Language doesn’t Belong to Russian then it asks the device Permission and taking Advantages of an accessibility Services.

Once it gets the Devices Accessibility then Trojan Automatically granted permission for Administrator Privilege.

Malware Automatically installs the  SMS app and grated permission itself for Installations After taking Admin Privilege.

According to Kaspersky, Svpeng newly-gained abilities the Trojan can block any attempt to remove device administrator rights – thereby preventing its uninstallation. It is interesting that in doing so it also blocks any attempt to add or remove device administrator rights for any other app too.

Steals Information From Other Apps

Once this Malware gains the Admin permission, it will be taking advantages of other Applications User Interface and steal the sensitive information Such as names of the interface elements and their content.

It also Takes screenshots of user Activites every time whenever users Press the keyboard Button and send it to the Malicious Server.

It will receive Follow information from Command & Control Server.

  • To send SMS
  • To collect info (Contacts, installed apps and call logs)
  • To collect all SMS from the device
  • To open URL
  • To start stealing incoming SMS

To Evade the banking Application screenshot Blocking Future, this Malware using phishing window over the attacked app.

Karspersky Researcher Roman Unuchek said, From the information Svpeng receives from its command and control server (CnC), I was able to intercept an encrypted configuration file and decrypt it to find out the attacked apps, and to obtain a URL with phishing pages.

eBay and PayPal Phishing Apps are mostly used to steal the credentials from Different Countries.

  • UK– 14 attacked banking apps
  • Germany – 10 attacked banking apps
  • Turkey– 9 attacked banking apps
  • Australia– 9 attacked banking apps
  • France– 8 attacked banking apps
  • Poland– 7 attacked banking apps
  • Singapore– 6 attacked banking apps

Also Read   Trojan found Pre-installed On Cheap Android Smartphones


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT group and their ongoing RustBucket campaign.  As…

27 mins ago

Serpent Stealer Acquires Browser Passwords and Erases Intrusion Logs

Beneath the surface of the cyber realm, a silent menace emerges—crafted with the precision of the .NET framework, the Serpent…

47 mins ago

Doppelgänger: Hackers Employ AI to Launch Highly sophistication Attacks

It has been observed that threat actors are using AI technology to conduct illicit operations on social media platforms. These…

3 hours ago

Kali Linux 2023.4 Released – What’s New!

Kali Linux 2023.4, the latest version of Offensive Security's renowned operating system, has been released, and it includes the advanced…

8 hours ago

Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison

A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware. Trickbot, a suite of malware tools,…

10 hours ago

ICANN Launches RDRS to Assist Law Enforcement Agencies to Discover Private Info

ICANN is a non-profit organization that is responsible for coordinating the global internet's- DNS IP address allocation This organization manages…

14 hours ago