FINCSIRT

Malware eye on Android users

Android malware is a difficult issue that can cause all sorts of inconvenience if you are not paying attention to what you install on your smart device. Even applications that originate from the Google Play store can contain malware, and specialists have found new ways and means that would enable programmers to take control of an Android device without the user knowing it.

Nowadays, the popularity of the Android mobile platform is growing rapidly. Because of this rapid growth, malware authors focus especially on the Android platform. To protect Android users from malicious applications, Google has taken action by providing robust security tools for Android developers. But sometimes malware developers can upload malicious apps quicker than Google can block them.

Mobile banking is one of the major areas affected by Android malware. In mid-July 2017, a new modification of the well-known mobile banking malware family Svpeng, Trojan-Banker.AndroidOS.Svpeng.ae, was found. In this modification, the attackers added new features, and it is now able to behave as a keylogger, stealing entered text through the use of accessibility services. This keylogger takes advantage of Accessibility Services, an Android feature that assists users with disabilities or allows users to access apps while driving.

Initially, this Trojan checks the device language and, if it is not Russian, requests the device's permission to use accessibility services; by exploiting this privilege it can perform many destructive actions. It grants itself device administrator rights, draws itself over other apps, installs itself as the default SMS app, and grants itself some dynamic permissions that include the ability to send and receive SMS, make calls, and read contacts. Moreover, by using its newly implemented features, this Trojan can block any attempt to remove its device administrator rights, preventing it from being uninstalled. Once the Trojan has access to the inner workings of the device's other apps, it can steal text entered in other apps and take screenshots, information that is promptly sent to the attackers' command and control server.

Don’t be a victim:

* Download Apps only from Trusted Sources
* Use Strong Antimalware Protection
* Update your Android version
* Do not leave 'Unknown sources' enabled
* Read application permissions and grant only the essentials
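
To make the permission review above concrete, the following added example (not part of the original advisory) lists which of the capabilities described for this Trojan an app's manifest declares. It assumes the manifest has already been decoded to plain XML (for instance with apktool); the sample manifest and the `is_high_risk` threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
# Capabilities the article attributes to the Trojan, mapped to manifest markers.
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "draws over other apps",
    "android.permission.SEND_SMS": "sends SMS",
    "android.permission.RECEIVE_SMS": "receives SMS",
    "android.permission.CALL_PHONE": "makes calls",
    "android.permission.READ_CONTACTS": "reads contacts",
}
COMPONENT_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device administrator",
}
SMS_DELIVER = "android.provider.Telephony.SMS_DELIVER"  # default SMS app marker

def audit_manifest(xml_text):
    """Return the sorted list of risky capabilities a decoded manifest declares."""
    root = ET.fromstring(xml_text)
    found = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name")
        if name in RISKY_PERMISSIONS:
            found.add(RISKY_PERMISSIONS[name])
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            binding = comp.get(ANDROID + "permission")
            if binding in COMPONENT_BINDINGS:
                found.add(COMPONENT_BINDINGS[binding])
            for action in comp.iter("action"):
                if action.get(ANDROID + "name") == SMS_DELIVER:
                    found.add("can become default SMS app")
    return sorted(found)

def is_high_risk(capabilities):
    """Assumed rule: accessibility + device admin + any other capability."""
    core = {"accessibility service", "device administrator"}
    return core <= set(capabilities) and len(capabilities) > len(core)

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
    <receiver android:name=".Sms"><intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter></receiver>
  </application>
</manifest>"""
print(audit_manifest(SAMPLE), is_high_risk(audit_manifest(SAMPLE)))
```

Any one of these declarations has legitimate uses; it is the combination in an app whose stated purpose needs none of them that deserves a closer look.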