Trojans keep trying to intercept bank data. A new malware attack for Android smartphones is particularly easy – and is therefore all the more dangerous.
For most people, the smartphone has long since become the digital control center of their lives. Even visits to banks today usually take place via apps. A new banking Trojan for Android smartphones takes advantage of this: It uses a clever way of accessing access data.
Vultur, as the pest was christened, uses a special trick to do this: It installs a remote diagnosis system (virtual network computing, VNC for short) on the smartphone, which is actually intended for maintenance work. And can then simply read all the entries in the installed banking apps.
New strategy bypasses old hurdles
This is a strategy that has not yet been observed with Android Trojans, emphasize the discoverers, the experts at Threatfabric. So far, the hackers have tried to access the data with fake log-in screens that were placed over the real apps. “That normally costs a lot of time and work for the actors, because they have to falsify numerous input masks in order to trick the users. Instead, they simply record what is shown on the screen and basically get the same result.” As a result, the data could first be stolen automatically and on a large scale, summarize them in a report.
The pest reaches the smartphone not from dark sources, but through the front door. The attackers hid him in the supposed protection app “Protection Guard”, of all things, which was then offered in Google’s Play Store. At least 5000 people have installed the app, it can no longer be found in the Play Store.
So far, victims are mainly known in Italy, Spain and Australia. So far, the experts have not said anything about German victims. The banks affected were ING, Santander and the Italian subsidiary of Volksbank, among others. In addition, crypto exchanges such as Coinbase and so-called wallets, in which digital currencies such as Bitcoin are stored, were identified as targets.
Hackers are rethinking
According to the experts, the newly discovered malware also indicates a change in the scene. In recent years, an increasing number of criminals on the Internet had relied on malware that was developed by a small group and then rented out in scene forums on the Darknet. One speaks of Malware-as-a-Service, or MaaS for short. The current approach indicates that a shift is taking place here, in that more self-developed programs that are precisely tailored to one’s own requirements are being used again, according to the experts.
David William is a talented author who has made a name for himself in the world of writing. He is a professional author who writes on a wide range of topics, from general interest to opinion news. David is currently working as a writer at 24 hours worlds where he brings his unique perspective and in-depth research to his articles, making them both informative and engaging.
