Android malware now has a well-established track record of monetary theft, typically achieved by sending text messages to premium-rate numbers. At the end of summer we wrote about a new Trojan that was able to steal from a debit/credit card if the card was bound to a phone number. Cybercriminals never stop inventing new ways to steal money from unsuspecting victims or to gain access to it. A new variation of that Trojan, Svpeng, uses several tricks to phish for credit card numbers and online banking credentials.
It is worth mentioning that the specific sample we discovered targets Russian users; however, Russia often serves as a testing ground for cybercriminals, and well-proven schemes usually go overseas quite quickly. For now, the malware appears to be interested in U.S., German, Belarusian and Ukrainian victims. Currently the Trojan is configured to mimic popular Russian banks. When the victim launches the mobile banking app, the Trojan replaces the open window with its own to trick the user into giving up the password.
Another implemented attack is more versatile, as it targets Google Play users. When victims launch the Android online market app, the Trojan overlays Google’s window with its own and prompts users to add a credit card to the account.
During the three months of the Trojan’s existence, Kaspersky Lab has discovered over 50 modifications of this malware, which means that criminals recognise its high “commercial value”. No doubt we will very soon see new versions of the Trojan that are able to steal from clients of various banks in multiple countries. The current version spreads itself using SMS spam, but other variations might utilise another infection tactic.
To avoid infection, follow the Android user golden rules:
- Switch off “Allow installation from unknown sources” in security settings
- Use Google Play; do not use untrusted third-party app stores
- Before installing a new app, check every permission requested by this app and consider if those permissions are reasonable for that type of app
- Check app ratings and download counts; avoid applications with low ratings and a small number of downloads