Researchers have uncovered a new Android banking trojan called Herodotus that can mimic human typing to evade detection, conduct device takeover attacks, and target financial institutions and cryptocurrency platforms, highlighting evolving malware techniques and active campaigns in Italy, Brazil, and beyond.
A new Android banking trojan named Antidot, discovered by Cyble, disguises itself as a Google Play update to steal sensitive information. It tricks users into sideloading it via APK files from third-party sources or through phishing emails and texts. Once installed, it uses accessibility settings to gain control and perform overlay attacks to capture login credentials. Users are advised to be cautious of phishing attempts, use strong antivirus software, download apps from trusted sources, and regularly update their devices to protect against such threats.
A new Android malware called Antidot, disguised as a Google Play Store update, is designed to steal money from users' bank accounts by collecting sensitive information and gaining extensive permissions. Discovered by Cyble security researchers, this banking Trojan is being distributed via phishing messages in multiple languages. Users are advised to be cautious of apps requesting excessive permissions and to use strong passwords, multi-factor authentication, and antivirus software to protect their devices.
The Antidot banking trojan is disguising itself as a Google Play update to trick Android users into downloading it. Once installed, it gains accessibility permissions to perform malicious activities, including stealing financial credentials through overlay attacks, keylogging, and screen recording. Users are advised to download apps only from trusted sources and be cautious about granting permissions.
The Vultur banking Trojan has resurfaced with new, stealthier methods to infect Android devices, including a hybrid attack that tricks victims into downloading malware through a fake security app. Once infected, hackers can gain full control of the device, bypassing lock screens and remotely accessing and controlling it. To protect against Vultur, users are advised to avoid calling unknown numbers sent via text messages, avoid sideloading apps and shortened URLs, carefully grant app permissions, limit the number of apps on their device, download apps from reputable sources, keep their device updated, and install antivirus software. If compromised, users should change passwords from a different device, monitor accounts, use identity theft protection, contact financial institutions, alert contacts, and consider restoring the device to factory settings.
The PixPirate Android malware has evolved to hide on phones by not using an icon and employing a new tactic to remain active even after its dropper app is removed. It utilizes two apps, with the second one being the encrypted banking malware, and can launch and control itself based on different device events. The malware targets the Brazilian instant payment platform Pix to divert funds to attackers and has the capability to automate fraudulent transactions without users' knowledge. Google Play Protect is currently able to protect against known versions of this malware.
Cybersecurity company Group-IB has discovered a banking trojan that steals people's faces, using AI-generated deepfakes to bypass security checkpoints and withdraw funds from victims' bank accounts. The use of deepfake attacks has increased significantly, raising concerns about the reliability of biometric tools. A China-based hacking group has developed aggressive trojans targeting the APAC region, posing as government services agents and targeting the elderly. Users are advised to be cautious of suspicious links, review app permissions, and watch for signs of malware on their devices.
The Anatsa Android banking trojan, also known as TeaBot and Toddler, has expanded its reach to include Slovakia, Slovenia, and Czechia in a new campaign observed in November 2023. Despite Google Play's enhanced detection and protection mechanisms, the trojan's droppers have successfully exploited the accessibility service and bypassed restricted settings for Android 13. Anatsa is distributed under innocuous apps on the Google Play Store and has the capability to gain full control over infected devices, execute actions on a victim's behalf, and steal credentials for fraudulent transactions. The latest campaign involved five droppers with over 100,000 total installations, with one dropper masquerading as a phone cleaner app and leveraging versioning to introduce malicious behavior. The trojan's abuse of the accessibility service is tailored to Samsung devices, and the campaign demonstrates a targeted approach to concentrate on specific regions for financial fraud.
The Mispadu banking Trojan has been observed exploiting a now-patched Windows SmartScreen security flaw to target users in Mexico, with phishing emails being the primary method of propagation. This Delphi-based malware has been active in the Latin American region, harvesting over 90,000 bank account credentials since August 2022. The exploit involves the use of rogue internet shortcut files within fake ZIP archives to bypass SmartScreen warnings, allowing the malware to selectively target victims and establish contact with a command-and-control server for data exfiltration. Additionally, the article highlights the use of DICELOADER by the Russian e-crime group FIN7 and the discovery of new malicious cryptocurrency mining campaigns by AhnLab.
SpyNote is a dangerous Android banking Trojan that disguises itself as a system update or legitimate app. Once installed, it gives hackers full control over the device, allowing them to access the camera, microphone, phone conversations, text messages, bank accounts, and personal data. SpyNote can hide from antivirus software and use various techniques to access texts, calls, and even take pictures. Users can protect themselves by avoiding suspicious links, installing reliable antivirus protection, updating their phone through official settings, and performing regular backups. If infected, steps such as disabling unknown sources, deleting suspicious files, or performing a factory reset may be necessary to remove SpyNote.
The Xenomorph Android malware has resurfaced with new capabilities, targeting over 100 banking and crypto apps. The upgraded version uses a "mimic" feature to act as another app and a "ClickOnPoint" feature to simulate taps on the screen. The malware is distributed through phishing sites that trick users into downloading a malicious APK file disguised as a Chrome update. It steals credentials through overlays on banking and crypto apps. To stay safe, users should only download apps from official app stores and consider using Android antivirus apps.
The Anatsa banking trojan has resurfaced with new capabilities, targeting over 600 banking apps and draining accounts of customers in the U.S., U.K., Germany, Austria, and Switzerland. The trojan is being distributed through malicious apps hosted on the Google Play Store, posing as PDF editors and office suites. Users are advised to uninstall specific apps listed in the report. Anatsa collects sensitive financial information using overlays on banking apps and performs fraudulent transactions on infected devices. The stolen funds are converted into cryptocurrency and sent back to the hackers through a network of money mules. Google has removed the identified malicious apps and banned the developers, while Google Play Protect automatically removes known malware-containing apps. Users are advised to limit app installations, avoid downloading free apps, check reviews and ratings, and consider using Android antivirus apps or Google Play Protect.
Anatsa banking trojan is targeting banking customers in the US, UK, Germany, Austria, and Switzerland through dropper apps on the Google Play Store. The trojan steals credentials used to authorize customers in mobile banking applications and performs Device-Takeover Fraud (DTO) to initiate fraudulent transactions. Anatsa has backdoor-like capabilities to steal data and can bypass existing fraud control mechanisms to carry out unauthorized fund transfers. The dropper apps exploit the restricted "REQUEST_INSTALL_PACKAGES" permission to install additional malware on the infected device. ThreatFabric warns that the recent Google Play Store distribution campaigns demonstrate the immense potential for mobile fraud and the need for proactive measures to counter such threats.
The Android banking trojan Anatsa is being distributed via the Google Play Store, with over 30,000 installations in the US, UK, Germany, Austria, and Switzerland. The trojan collects financial information by overlaying phishing pages on legitimate banking apps and via keylogging. Anatsa supports targeting nearly 600 financial apps from around the world and uses the stolen information to perform on-device fraud. Users are advised to be vigilant when installing apps on Android devices and to avoid apps from dubious publishers. Google has removed the identified malicious apps from the Play Store and banned the developers.
A new QBot malware campaign is using hijacked business emails to spread malware, primarily targeting users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot is a banking trojan that steals passwords and cookies from web browsers and doubles up as a backdoor to inject next-stage payloads such as Cobalt Strike or ransomware. The malware is distributed via phishing campaigns and has seen constant updates during its lifetime to evade detection. The latest campaign uses email thread hijacking attacks to trick victims into opening a malicious PDF file that leads to the retrieval of an archive file containing an obfuscated Windows Script File that downloads the QBot malware.