According to the researchers from Avast, a new banking Trojan for Android devices uses the tactics of social engineering, tricking the victim and remaining undetected on the infected mobile device.

The application Name on the icon may be different, including MMS and MMS Center. However, the program icon becomes hidden after the first run, which makes Trojan more elusive.

New Banking Trojan For Android Devices Using Social Engineering Tactics

As the Trojan makes a routine check of the emulator. If the test does not show the application work in the emulator, it runs a background timer.

Hence, the timer ceaselessly opens the dialogs activation administrative access to the device until it obtains administrator privileges. After clicking on the “Cancel” button, a new window appears immediately. The process continues until the receipt of administrative access.

The malware sends device information and intercepts SMS to C & C-server, where the criminals receive further commands. The information which was sent to the server includes the serial number of the mobile device, the country code, the name of the mobile operator, the Android version of the device, the phone number, the serial number of the SIM card, the current version number of the Trojan and the unique identification number of the infected machine.

In addition to receiving the data about your contacts, SMS, calls, and applications installed, the malware receives the GPS coordinates of the device.

The Trojan also sends data to the server about the presence of administrative rights. Hence, the altered SMS Manager becomes your device’s “default” SMS Manager. Administrator rights also enable the Trojan remotely lock the infected device.

For the credit cards, the Trojan opens the victim to a fake Google Play window on the infected device. However, a closer examination of the window shows that the word Play is written in small letters.

In addition, the malware team supports downloading APK, which allows the user to lock the screen and redirect calls. Moreover, the Avast antivirus solutions company identified this Android Trojan as Banker-IR. In the case of infection, users of the infected device will have to reset their device to factory settings.


Please enter your comment!
Please enter your name here