Android banking malware downloaded 10,000 times from Google Play: What to do
Android cyberbanking malware downloaded x,000 times from Google Play: What to do
A dangerous banking Trojan known as Cerberus has been found masquerading as a Spanish-language currency-converter app that was bachelor to download from the Google Play Store.
According to researchers at antivirus firm Avast, the app targeted Android users in Spain and amassed more than 10,000 downloads.
- VPN: continue your identity protected when using cyberbanking apps
- Best antivirus: stay protected when online at home and on mobile
- Just in: Mac 'EvilQuest' ransomware can steal your data
Avast explained that the app "disguised itself every bit a 18-carat app in order to access the banking details of unsuspecting users." Less common is the fact that the banking Trojan was able to make its way onto the Google Play Store in the beginning place.
"The '18-carat' app in this case, posed equally a Spanish currency converter called Calculadora de Moneda," wrote Avast's Ondrej David in a blog mail. "According to our enquiry, [information technology] hid its malicious intentions for the first few weeks while being available on the store."
"This was possibly to stealthily larn users before starting any malicious activities, which could take grabbed the attention of malware researchers or Google'southward Play Protect squad," David added. "As a result, the app has been downloaded more than than 10,000 times so far. Nosotros reported it to Google, so they can apace remove it."
Stealth manner
Avast noted how cyberbanking Trojans often part in a "stealth fashion", aiming to become trusted past the user past behaving normally for a flow of time, before going on to access the user's banking details.
In that location are multiple stages in this process, according to Avast. The first is getting users to download the malicious app, which looks legitimate and may even offering some of the advertised functions. Only somewhen, information technology will update itself, or even install a different app onto the victim's device, in order to steal fiscal details.
David explained that the currency converter app "did non steal any information or cause any harm" at start. But it wasn't long until the banking Trrojan kicked into activity.
"Afterward versions of the currency converter included a 'dropper code' simply it however wasn't activated initially, i.e. the command and control server (C&C) instructing the app wasn't issuing whatsoever commands and then users wouldn't see and download the malware," David wrote. "However in the last couple of days, Threat Labs noticed that a 'control and control server' issued a new command to download the boosted malicious Android Application Package (APK) -- the banker."
Fake cyberbanking page
Avast said that, in the last stage, the banker app "tin can sit over an existing cyberbanking app and wait for the user to log into their bank business relationship" by abusing Android's features for users with visual or hearing impairments.
This creates "a layover over your login screen, and steals all your access data", and can even do things similar "read your text messages and two-factor authentication details, meaning it is able to bypass all security measures".
To stay safe from banking Trojans, Avast recommends that users only use verified and trusted cyberbanking apps, to read user reviews and ratings on the Google Play Store (and avoid third-political party stores), to expect at an app's permissions to run into if information technology is requesting too many, and to download and utilise 1 of the best Android antivirus apps.
- Read more than: Stay protected on your mobile with the best Android VPN
Source: https://www.tomsguide.com/news/android-banking-trojan-cerberus
Posted by: keenanorned1982.blogspot.com
0 Response to "Android banking malware downloaded 10,000 times from Google Play: What to do"
Post a Comment