Banking Trojans are not new to the cyber-crime world. A banking Trojan is a malicious program designed to gain access to confidential banking information, typically by giving a third party backdoor access to the infected device.
As security technology, especially in the banking domain, continues to improve, malware code is constantly evolved to evade detection. The financial cyber-crime landscape therefore keeps changing to keep pace with rising user awareness and increasingly effective banking controls.
With the growing use of mobile devices for everyday transactions, cyber-criminals have embraced mobile as their platform of choice for fraud. Since 2015 there has been a marked increase in the design and launch of fake mobile apps built to deceive users. The nature of a fake application depends on the goals of the criminals behind it, who use different strategies to build and deploy them.
Recent research revealed a banking Trojan in Google Play: a malicious app, posing as an automatic voice and call recorder, was found in the official Android store.
The QRecorder app, a phone call recording utility, is reported to have stolen thousands of euros from two European individuals. With around 10,000 downloads, the app was clearly popular. It worked as advertised so as not to arouse suspicion.
The large download count indicates that the app worked properly at first; the malicious code is believed to have been added in a later update.
The banking Trojan found in Google Play has been identified as Razdel, a variant of the BankBot mobile banking Trojan. This newly observed variant takes mobile threats a step further by incorporating:
Once the app is installed on your mobile:
These features are enough to rob users of their hard-earned money. SMS interception was used to capture the two-factor authentication codes that users received by text message, and fake screen overlays delivered banking credentials and other details straight into the hands of the threat actors.
Moreover, within 24 hours of installation the Trojan connects to its C&C (Command & Control) server. Once the fraudulent app is installed, the server delivers a malicious script that scans the device for specific German, Polish and Czech banking apps, such as:
Whenever one of the targeted banking apps was launched, the malware covered it with a phishing overlay to collect the username and password, which were then sent to the malware authors.
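The two capabilities described above, reading SMS one-time codes and drawing a fake login screen over another app, both show up as Android permissions, and the article notes that the malicious code arrived in an update. The following is an added example (not code from the article, from the researchers who reported QRecorder, or from the malware): a small Python triage script that parses the permission list from an AndroidManifest.xml, diffs it against the previous version's list, and flags an app whose requested permissions do not match its advertised purpose. The manifests, the package name com.example.callrecorder, and the baseline permission set for a "call recorder" are all constructed assumptions for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups tied to the capabilities the article describes.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
OVERLAY_PERMS = {"android.permission.SYSTEM_ALERT_WINDOW"}
SIDELOAD_PERMS = {"android.permission.REQUEST_INSTALL_PACKAGES"}
DANGEROUS = SMS_PERMS | OVERLAY_PERMS | SIDELOAD_PERMS

# Assumed baseline: what a call-recording utility plausibly needs.
# Anything outside this set is reported as "unexpected" for that purpose.
CALL_RECORDER_BASELINE = {
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.INTERNET",
}

# Constructed manifests: v1 matches the advertised function, v2 is the
# "update" that quietly adds SMS, overlay and sideload permissions.
MANIFEST_V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callrecorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

MANIFEST_V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.callrecorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""


def parse_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def permission_delta(old_perms, new_perms):
    """Permissions an update added, with the dangerous ones listed separately."""
    added = new_perms - old_perms
    return {"added": sorted(added), "dangerous_added": sorted(added & DANGEROUS)}


def triage(perms, baseline):
    """Score a permission set against the app's advertised purpose."""
    findings = []
    if perms & SMS_PERMS:
        findings.append("sms: can read or intercept SMS one-time codes")
    if perms & OVERLAY_PERMS:
        findings.append("overlay: can draw over other apps (fake login screens)")
    if perms & SMS_PERMS and perms & OVERLAY_PERMS:
        findings.append("combo: overlay plus SMS access is the banking-trojan pairing")
    if perms & SIDELOAD_PERMS:
        findings.append("sideload: can ask the user to install further packages")
    unexpected = sorted(perms - baseline)
    if perms & SMS_PERMS and perms & OVERLAY_PERMS:
        verdict = "block"
    elif findings or unexpected:
        verdict = "review"
    else:
        verdict = "ok"
    return {"verdict": verdict, "findings": findings, "unexpected": unexpected}


def analyze_update(old_xml, new_xml, baseline=CALL_RECORDER_BASELINE):
    """Diff two manifest versions and triage the newer one."""
    old_perms, new_perms = parse_permissions(old_xml), parse_permissions(new_xml)
    return {"delta": permission_delta(old_perms, new_perms),
            "triage": triage(new_perms, baseline)}


if __name__ == "__main__":
    report = analyze_update(MANIFEST_V1, MANIFEST_V2)
    print("verdict:", report["triage"]["verdict"])
    for f in report["triage"]["findings"]:
        print(" -", f)
    print("dangerous permissions added by update:", report["delta"]["dangerous_added"])
```

The point of the baseline check is that a call recorder has no business receiving SMS or drawing over other apps; the combination of the two is exactly what the overlay-plus-OTP-theft flow needs, so it is treated as a hard block rather than a warning. Running the same diff on each update is what catches the pattern the article describes, where the first versions are clean and the capability arrives later.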
While this malicious app has been removed from the official Android store, Google continues to battle cyber-criminals who attempt to use the official marketplace to distribute malware. The store was recently criticised for hosting apps that trapped users without their knowledge. These include:
How to protect against installing malicious apps?
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest threats that may compromise your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.