ESET, a proactive threat detection company, analyzed a total of 29 banking Trojans found on the official Android store between August and early October 2018. They posed as device add-ons and cleaners, battery managers and even horoscope applications.
These remotely controlled Trojans can dynamically target any application on the victim's device using customized phishing forms.
In addition, they can intercept and redirect text messages to bypass SMS-based two-factor authentication, intercept call logs, and download and install other applications on compromised devices. These malicious applications were uploaded mostly under the names of different developers, but similarities in their code and their use of the same C&C server indicate that they are the work of a single attacker or group.
"Unlike other malicious applications that focus only on trying to imitate legitimate financial institutions and displaying screens with registration errors, the applications analyzed on this occasion are sophisticated malicious banking programs for mobile phones with complex functions and great emphasis on stealth," said Camilo Gutiérrez, head of the research laboratory at ESET Latin America.
Once launched, the apps either display an error message claiming that they have been removed due to incompatibility with the victim's device and then hide from the user's view, or they provide the promised function, such as showing the horoscope.
The primary malicious function is hidden in an encrypted payload located in the assets of each application. The payload's job is to impersonate the banking applications installed on the victim's device, intercept and send SMS messages, and download and install additional applications selected by the operator. The malware can dynamically imitate any application installed on the victim's device, overlaying the legitimate application with fake forms as soon as it is launched, which gives the victim very little chance of noticing that something is wrong.
The 29 malicious applications have been removed from the official Android store after ESET researchers informed Google of their malicious nature. Before they were removed, the apps had been installed by around 30,000 users altogether.
"Fortunately, this particular banking Trojan does not use advanced tricks to ensure its persistence on affected devices, so if you suspect that you have installed one of these applications, you just have to uninstall them by going to Settings > Manage applications / Applications. ESET recommends that you check your bank account for possible suspicious transactions and consider changing your electronic banking password or PIN code," concluded Camilo Gutiérrez.
To avoid becoming a victim of this malware, ESET recommends:
Download apps only from Google Play. Although this does not guarantee that an application is not malicious, this kind of malicious behavior is more common in third-party stores, where such apps are difficult to remove even once they are discovered, whereas on Google Play they are removed quickly once reported.
Check the number of downloads, ratings and comments of apps before downloading them from Google Play.
Pay attention to the permissions that have been granted to the applications you have installed.
Keep your Android device up to date and use a trusted mobile security solution.
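As an added example (not from ESET or this article), here is a Python triage script that puts the permission advice above into practice against the capabilities described earlier: it parses the `requested permissions:` section of `adb shell dumpsys package` output and flags any package that combines overlay drawing (used for the fake banking forms) with SMS access (used to intercept 2FA codes), listing the other suspect permissions it holds. The package name, the `SAMPLE` text and the permission-to-reason mapping are constructed for illustration; the permission names themselves are standard Android ones.

```python
import re

# Permissions behind the capabilities the article describes: overlay windows for the
# fake banking forms, SMS access for 2FA interception, call-log access and dropping apps.
SUSPECT_PERMS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay (fake banking forms)",
    "android.permission.RECEIVE_SMS": "SMS interception (2FA codes)",
    "android.permission.SEND_SMS": "SMS redirection",
    "android.permission.READ_CALL_LOG": "call-log access",
    "android.permission.REQUEST_INSTALL_PACKAGES": "installs further apps",
}
SMS_PERMS = ("android.permission.RECEIVE_SMS", "android.permission.SEND_SMS")

def parse_dumpsys(text):
    """Map package name -> requested permissions from `dumpsys package` output."""
    result, current, in_requested = {}, None, False
    for line in text.splitlines():
        m = re.match(r"\s*Package \[([\w.]+)\]", line)
        if m:  # a new package block starts
            current, in_requested = m.group(1), False
            result[current] = []
            continue
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_requested = True
        elif in_requested and re.fullmatch(r"[\w.]+", stripped):
            result[current].append(stripped)  # one permission name per line
        else:
            in_requested = False  # any other line ends the section
    return result

def triage(perms):
    """Flag packages holding both overlay and SMS permissions, with reasons."""
    flagged = {}
    for pkg, plist in perms.items():
        if "android.permission.SYSTEM_ALERT_WINDOW" in plist and any(p in plist for p in SMS_PERMS):
            flagged[pkg] = [SUSPECT_PERMS[p] for p in plist if p in SUSPECT_PERMS]
    return flagged

# Constructed sample in the layout of `adb shell dumpsys package`; the package name is fictional.
SAMPLE = """Packages:
  Package [com.example.horoscope] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.SYSTEM_ALERT_WINDOW
      android.permission.RECEIVE_SMS
      android.permission.REQUEST_INSTALL_PACKAGES
    install permissions:
      android.permission.INTERNET: granted=true
"""
```

Run it against real output with `adb shell dumpsys package` piped into `parse_dumpsys`; a hit is a reason to review the app, not proof of infection, since some legitimate apps (for example SMS clients with floating windows) request the same combination.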