
Banking apps not safe to use on Android devices


August 2, 2017

It now appears that a new kind of Android malware is tricking mobile banking customers into doing things they don't want to do, particularly those in Britain and Germany.

To be sure, the so-called Svpeng software has been around since 2013 but its creator was caught and thrown in jail a year later.

But users need to be aware that the same malware keeps evolving nevertheless, as other hackers try their hand with the earlier Svpeng code.

Researchers at Kaspersky Lab have now discovered a similar strain that abuses Android's accessibility services to place an invisible overlay on top of otherwise legitimate banking apps installed on the Android device.

That same covert layer then intercepts touchscreen keypresses to the underlying application, resulting in a very unsafe banking app.

It simply acts like a key-logger, picking up a victim's login details as they access their banking account. With that information, and access to various text messages, hackers controlling the spyware can siphon off those sensitive details, among others.

The malware is disguised as a fake Flash player download, and marks are lured into installing the malicious software as an .apk file.

And it doesn't matter if you're running the latest version of Android OS and the latest security patches since the evil app uses the granted accessibility privilege to do its dirty work, rather than relying on exploiting software vulnerabilities.

"The Trojan-Banker.Android.OS.Svpeng.ae is distributed from various malicious websites as a fake Flash player plugin," asserted Roman Unuchek, malware analyst at Kaspersky Lab.

"Its malicious techniques work even on fully updated devices with the latest Android version and all security updates installed. By accessing only one system feature, this Trojan malware can gain all necessary additional rights and steal lots of data."

Once the user is tricked into installing the Svpeng malware, it asks for full permission to Android accessibility services, which should be a clear red flag for most users.

Naturally, once that permission has been granted, the nasty things start and it's the beginning of the end.

According to Kaspersky: "It grants itself device administrator rights, draws itself over other apps, then installs itself as a default SMS app, and grants itself some dynamic permissions that include the ability to send and receive SMS, make calls, and read contacts."

"Furthermore, using its newly-gained abilities, the Trojan malware can also block any potential attempt in removing any device administrator rights, thereby preventing its uninstallation. It's interesting that in doing so it also blocks any attempt to add or remove device administrator rights for any other app too," Kaspersky Lab added.
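A defender-side check for the privilege combination Kaspersky describes above (accessibility service, device administrator, default SMS app), as an added example that is not part of the original article or Kaspersky's report. The `com.example.*` package names and the sample device-policy text are constructed, and the layout of the `dumpsys device_policy` output is an assumption that varies between Android versions.

```shell
#!/bin/sh
# Added example (not from the article). Raw inputs come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys device_policy
#   adb shell settings get secure sms_default_application

# Print "<package> <flags>" for every package with an enabled accessibility
# service. $1 is the colon-separated service list ("null" when empty), $2 the
# device-policy text, $3 the default SMS package.
audit_privileges() {
    a11y=$1; admins=$2; sms=$3
    if [ -z "$a11y" ] || [ "$a11y" = "null" ]; then return 0; fi
    printf '%s\n' "$a11y" | tr ':' '\n' | cut -d/ -f1 | sort -u |
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        flags=accessibility
        # Assumption: admin components appear as whitespace-separated
        # "package/Class" tokens; match the package as an exact prefix.
        for tok in $admins; do
            case $tok in "$pkg"/*) flags="$flags,device-admin"; break ;; esac
        done
        if [ "$pkg" = "$sms" ]; then flags="$flags,default-sms"; fi
        printf '%s %s\n' "$pkg" "$flags"
    done
}

# Packages holding all three privileges at once: review these first.
full_chain() {
    audit_privileges "$@" |
        awk '$2 == "accessibility,device-admin,default-sms" { print $1 }'
}

# Constructed sample values (hypothetical packages, not real indicators).
SAMPLE_A11Y='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeplayer/.Svc'
SAMPLE_ADMINS='Enabled Device Admins (User 0):
    com.example.fakeplayer/.AdminReceiver:
    com.example.mdmagent/.Receiver:'
SAMPLE_SMS='com.example.fakeplayer'

audit_privileges "$SAMPLE_A11Y" "$SAMPLE_ADMINS" "$SAMPLE_SMS"
echo "full chain: $(full_chain "$SAMPLE_A11Y" "$SAMPLE_ADMINS" "$SAMPLE_SMS")"
```

A legitimate screen reader shows up with the `accessibility` flag alone; a package that also holds device administrator rights and the default SMS role matches the chain quoted above and deserves a closer look.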

Once this invisible man-in-the-middle malware is in place, it then envelops no fewer than fourteen banking apps in Britain, ten in Germany, nine in each of Turkey and Australia, eight in France, seven in Poland, and six in Singapore.

And if all of that wasn't bad enough, it also connects to a remote command-and-control center for further instructions from its masterminds. It can also be ordered to send text messages, hand over texts, contacts, lists of installed apps, and call logs.

It can also start intercepting incoming SMSes. Additionally, it can send back screenshots of the device every time the keyboard is touched, and it supports a few third-party keyboards as well as the standard Android one.

The only way to be completely safe against the malware, other than simply avoiding downloading and installing random .apks from websites, is to have your smartphone set to the Russian language.

If Svpeng detects it's on a Russian phone, it deactivates and deletes itself, a move Unuchek said was increasingly popular with Russian malware writers looking to avoid prosecution on their home turf. We'll keep you updated.

Source: Kaspersky Lab.

Copyright © Internet Security.ca