Disassembling a Mobile Trojan Attack

In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Svpeng Trojan and automatically saved it to the device's SD card. We intercepted traffic coming from the attacked device while this sort of "advert" was displayed, and worked out how the malicious program was downloaded and automatically saved.

The banker that can steal anything

The use of root privileges is not typical of banking malware, because money can be stolen in numerous other ways that do not require exclusive rights. However, in early February 2016, Kaspersky Lab discovered Trojan-Banker.AndroidOS.Tordow.a, whose creators decided that root privileges would come in handy.

Gugi: from an SMS Trojan to a Mobile-Banking Trojan

In the previous article, we described the mechanisms used by Trojan-Banker.AndroidOS.Gugi.c to bypass a number of new Android 6 security features. In this article, we review the entire Gugi mobile-banking Trojan family in more detail.

Banking Trojan, Gugi, evolves to bypass Android 6 protection

We have found a new modification of the mobile banking Trojan Trojan-Banker.AndroidOS.Gugi.c, which can bypass two new security features added in Android 6: permission-based app overlays and a dynamic permission requirement for dangerous in-app activities such as SMS or calls. The modification does not exploit any vulnerabilities; it relies on social engineering alone.

Everyone sees not what they want to see

In early March, Kaspersky Lab detected the modular Trojan Backdoor.AndroidOS.Triada, which grants superuser privileges to downloaded Trojans (i.e. the payload) as well as the ability to embed them into system processes. Soon after that, we found one of its modules enabling a dangerous attack: spoofing URLs loaded in the browser.

Attack on Zygote: a new twist in the evolution of mobile threats

Applications that gain root access to a mobile device without the user's knowledge can open the door to far more advanced and dangerous malware, in particular Triada, the most sophisticated mobile Trojan we know of.

The evolution of Acecard

After analyzing all the known malware modifications in the Acecard family, we established that they attack a large number of different applications. In particular, the targets include nine official social media apps. Two other apps are targeted by the Trojan for their credit card details. Most interestingly, the list includes nearly 50 financial apps and services.