An updated version of Banker Android (opens in new tab) Spyware has been detected that steals the victim’s banking information and, in some cases, possibly even money.
According to Microsoft cybersecurity researchers (opens in new tab), an unknown attacker has launched a smishing (SMS phishing) campaign in an attempt to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is malware (opens in new tab) Variant capable of extracting all kinds of sensitive information, including two-factor authentication (2FA) codes, account credentials, and other personally identifiable information (PII).
What makes this attack particularly concerning is how stealthy the entire operation is.
grant main permissions
After the user downloads the malware, they need to grant certain permissions such as B. MainActivity, AutoStartService and RestartBroadCastReceiverAndroid.
This allows it to intercept calls, access call logs, messages, contacts and even network information. Because the malware can do these things, it can also receive and read two-factor authentication codes received via SMS and delete them to ensure the victim doesn’t suspect anything suspicious.
To make matters worse, the app is allowed a silent command, which means incoming 2FA codes via SMS can be received, read, and deleted in complete silence – no notification sounds, no vibration, no screen light, nothing.
The threat actors behind the campaign are unknown, but what Microsoft does know is that the app, which first appeared in 2021 and has since been significantly updated, can be accessed remotely.
The extent of the attack is also unknown, as it is difficult to determine exactly how many people have been affected. Last year, Banker was observed targeting only Indian consumers, and given the fact that the phishing SMS bears the logo of India’s ICICI bank, it’s safe to assume that Indian users are in the crosshairs again this time.
“Some of the malicious APKs also use the logo of the same Indian bank as the fake app we investigated, which could indicate that the actors are constantly creating new versions to keep the campaign going,” the researchers said.
About: The Register (opens in new tab)
https://www.techradar.com/news/this-dangerous-android-spyware-could-affect-millions-of-devices This dangerous Android spyware could affect millions of devices