Android is a mobile operating system (OS) currently developed by Google, based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Recently the antivirus company Avast identified a new banking Trojan that is able to spy on the user and remotely lock infected mobile devices.
New Banking Trojan For Android Devices Using Social Engineering Tactics
According to researchers from Avast, a new banking Trojan for Android devices uses social engineering tactics to trick the victim and remain undetected on the infected mobile device. The application name shown on the icon may vary, and includes MMS and MMS Center. After the first run, however, the program icon becomes hidden, which makes the Trojan more elusive.
The Trojan first performs a routine check for an emulator. If the check does not show that the application is running in an emulator, it starts a background timer. The timer ceaselessly opens the dialog for activating administrative access to the device until the Trojan obtains administrator privileges. When the user clicks the “Cancel” button, a new window appears immediately. The process continues until administrative access is granted.
The malware sends device information and intercepted SMS messages to a command-and-control (C&C) server, from which it receives further commands from the criminals. The information sent to the server includes the serial number of the mobile device, the country code, the name of the mobile operator, the Android version of the device, the phone number, the serial number of the SIM card, the current version number of the Trojan and the unique identification number of the infected device.
In addition to collecting data about contacts, SMS messages, calls and installed applications, the malware obtains the GPS coordinates of the device. The Trojan also sends data to the server about the presence of administrative rights, and its altered SMS manager becomes the “default” SMS manager on the device. Administrator rights also enable the Trojan to remotely lock the infected device.
To obtain credit card data, the Trojan shows the victim a fake Google Play window on the infected device. On closer examination, however, the word Play in the window is written in lowercase letters. In addition, the malware supports a command to download an APK, which allows locking the screen and redirecting calls. Avast identified this Android Trojan as Banker-IR. In the case of infection, users will have to reset the infected device to factory settings.
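Added example, not from Avast or the original article: triage of an app inventory for the combination of behaviours described above (MMS-style label, hidden launcher icon, device administrator rights, default SMS handler). The record fields, package names and sample inventory are constructed assumptions, standing in for data exported from an MDM or collected from the device.

```python
"""Triage an app inventory for the behaviour pattern the article describes."""
from dataclasses import dataclass

# Labels the article says the Trojan shows on its icon.
LURE_LABELS = {"mms", "mms center"}

@dataclass
class App:
    # Field names are assumptions for this example, not an Android API.
    package: str
    label: str
    has_launcher_icon: bool
    is_device_admin: bool
    is_default_sms: bool

def indicators(app: App) -> list[str]:
    """Return the behaviours from the article that this app exhibits."""
    hits = []
    if app.label.strip().lower() in LURE_LABELS:
        hits.append("MMS-style label")
    if not app.has_launcher_icon:
        hits.append("launcher icon hidden")
    if app.is_device_admin:
        hits.append("holds device administrator rights")
    if app.is_default_sms:
        hits.append("set as default SMS handler")
    return hits

def triage(inventory, threshold=3):
    """Flag apps showing at least `threshold` indicators together.

    Each indicator alone is common in legitimate software (MDM agents are
    device admins, services have no icon), so only the combination is flagged.
    """
    flagged = {}
    for app in inventory:
        hits = indicators(app)
        if len(hits) >= threshold:
            flagged[app.package] = hits
    return flagged

# Constructed sample inventory; package names are invented.
SAMPLE = [
    App("com.example.messaging", "Messages", True, False, True),
    App("com.example.mdmagent", "Work Agent", False, True, False),
    App("com.example.unknown", "MMS Center", False, True, True),
]

if __name__ == "__main__":
    for pkg, hits in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(hits))
```

An app flagged here is a candidate for manual review, not a confirmed infection; lowering `threshold` widens the net at the cost of flagging legitimate device-admin agents.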