Multiple variants of mobile malware are currently in use for different purposes. Digital forensics experts report that, in recent months, an infection campaign has been detected against devices running the Android operating system; it uses malware to infiltrate victims’ mobile banking apps and extract their assets.
In its report, the security firm Group-IB mentions that this Trojan is capable of automatically making bank transfers to accounts controlled by hackers. The most complex stage of the attack is delivering the malicious payload; after that, threat actors can forward the funds without further obstacles.
According to digital forensics experts, at least two major Russian banks have already identified some cases of successful attacks. Representatives of these banking institutions say that there are very few cases of infection with this virus, although they stress that it is important to address this threat before the scope of the attack grows.
Unlike previous malware variants for mobile operating systems, which could only display pop-ups to capture login credentials, this Trojan is able to scan the targeted device for mobile banking apps, capture the victim’s financial information and perform operations through
“These malware increasingly resemble banking Trojans employed in large-scale attacks against desktops and banking networks,” digital forensics experts mention. It should be remembered that this type of virus is capable of stealing information from electronic banking systems, physical cards and payment terminals.
Regarding the infection method, hackers often disguise these viruses as simple apps (such as games or mobile browsers), although they are also hidden on adult websites and pirated content download platforms, and are even distributed via SMS messages. Although such developments date back a couple of years, the International Institute of Cyber Security (IICS) digital forensics experts mention that activity related to Android malware increased significantly throughout 2019; however, most of the time these attacks remain unsuccessful.
Some members of the cybersecurity community believe that the increase in this activity is linked to the disintegration of one of the largest botnets on record. The operators, allegedly Russian hackers, reportedly chose to compromise Android devices in their subsequent attacks.