Android malware that targets large German banks by masquerading as an email application and avoids detection from mobile anti-virus software has been discovered by Fortinet’s security team.
By asking for a variety of administrator privileges the trojan horse email app can gain the ability to configure storage encryption and lock the screen.
The malware can also gain the ability to send and receive SMS messages that can help bypass text message based two-step verification if that technique is enabled on an infected Android smartphone.
The feature, dubbed GPService2, also works to hinder mobile anti-virus apps and services, which it does by detecting when such an app is launched which it then checks against an list of anti-virus apps, then if the app is on the list the malware forces the user to return to the home screen to prevent the app or service from being fired up.
GPService2 also acts as the protocol to communicate with the command server being used by a hacker or cyber criminal to pre-load the trojan malware with malicious code payloads, and feedback the stolen data to the command and control server.
The second feature is the FDService, which runs in the background and targets apps contained on a list coded into the trojan, meaning the malware can be tailored to target specific apps once it infects a phone.
Forninet’s IPS Analyst Kai Lu said the trojan the security company discovered had an empty list but speculated it could be tailored by a hacker to target specific apps.
“The author probably intends to add new targeted apps in the future. We speculate that it may also include some popular social media apps. It then prompts the user with a fake google play card screen overlay that resembles the legitimate app when that app is launched,” Lu explained.
Fortinet also discovered a list with 15 German banking apps on it, and noted that future versions of the trojan could be used to target other banks.
The third key feature is the AdminRightsService, which as the name suggests, tricks Android smartphone users to give the trojan a variety of administrative permissions.
Trojans that are targets at banks in specific countries appear to be on the rise, with the Zeus malware aimed at Russian banks and used to target financial transactions in Brazil amidst the Rio 2016 Olympic Games earlier this year.
How much do you know about hackers and viruses? Take our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…