This dangerous Android spyware could affect millions of devices

Banker is on the prowl for reckless Android users again

An updated version of the Banker Android spyware has been detected, stealing victims' banking details and possibly even money in some cases.

According to cybersecurity researchers from Microsoft, an unknown threat actor has initiated a smishing campaign (SMS phishing), through which it tries to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is a malware variant that's capable of extracting all sorts of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).

What makes this attack particularly worrying is how stealthily the entire operation works.

Granting major permissions

Once the user downloads the malware, they need to grant certain permissions, such as MainActivity, AutoStartService, and RestartBroadCastReceiverAndroid.

That allows it to intercept calls, access call logs, messages, contacts, and even network information. By being able to do these things, the malware can also receive and read two-factor authentication codes coming in via SMS, and delete them to make sure the victim doesn’t suspect anything fishy.

To make matters even worse, the app is allowed silent command, which means the 2FA codes coming in through SMS can be received, read, and deleted, in complete silence - no notification sounds, no vibration, no screen light, nothing.

The threat actors behind the campaign are unknown, but what Microsoft does know is that the app, first seen in 2021, and significantly upgraded since, can be accessed remotely.

The scope of the attack is also unknown, as it’s hard to determine exactly how many people are affected. Last year, Banker was observed attacking Indian consumers only, and given that the phishing SMS carries the logo of the Indian ICICI bank, it’s safe to assume Indian users are in the crosshairs this time around, as well.

“Some of the malicious APKs also use the same Indian bank’s logo as the fake app that we investigated, which could indicate that the actors are continuously generating new versions to keep the campaign going,” the researchers said.

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
