Android malware that targets large German banks by masquerading as an email application and avoids detection from mobile anti-virus software has been discovered by Fortinet’s security team.
By asking for a variety of administrator privileges the trojan horse email app can gain the ability to configure storage encryption and lock the screen.
The malware can also gain the ability to send and receive SMS messages that can help bypass text message based two-step verification if that technique is enabled on an infected Android smartphone.
The feature, dubbed GPService2, also works to hinder mobile anti-virus apps and services, which it does by detecting when such an app is launched which it then checks against an list of anti-virus apps, then if the app is on the list the malware forces the user to return to the home screen to prevent the app or service from being fired up.
GPService2 also acts as the protocol to communicate with the command server being used by a hacker or cyber criminal to pre-load the trojan malware with malicious code payloads, and feedback the stolen data to the command and control server.
The second feature is the FDService, which runs in the background and targets apps contained on a list coded into the trojan, meaning the malware can be tailored to target specific apps once it infects a phone.
Forninet’s IPS Analyst Kai Lu said the trojan the security company discovered had an empty list but speculated it could be tailored by a hacker to target specific apps.
“The author probably intends to add new targeted apps in the future. We speculate that it may also include some popular social media apps. It then prompts the user with a fake google play card screen overlay that resembles the legitimate app when that app is launched,” Lu explained.
Fortinet also discovered a list with 15 German banking apps on it, and noted that future versions of the trojan could be used to target other banks.
The third key feature is the AdminRightsService, which as the name suggests, tricks Android smartphone users to give the trojan a variety of administrative permissions.
Trojans that are targets at banks in specific countries appear to be on the rise, with the Zeus malware aimed at Russian banks and used to target financial transactions in Brazil amidst the Rio 2016 Olympic Games earlier this year.
How much do you know about hackers and viruses? Take our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…