This dangerous Android spyware could affect millions of devices


An updated version of the Banker Android spyware has been detected, stealing victims' banking details and possibly even money in some cases.

According to cybersecurity researchers from Microsoft, an unknown threat actor has initiated a smishing campaign (SMS phishing), through which it tries to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is a malware variant that’s capable of extracting all sorts of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII). 

What makes this attack particularly worrying is how stealthily the entire operation works.

Granting major permissions

Once the user downloads the malware, they need to grant certain permissions, such as MainActivity, AutoStartService, and RestartBroadCastReceiverAndroid. 

That allows it to intercept calls, access call logs, messages, contacts, and even network information. By being able to do these things, the malware can also receive and read two-factor authentication codes coming in via SMS, and delete them to make sure the victim doesn’t suspect anything fishy. 

To make matters even worse, the app is allowed a silent command, which means the 2FA codes coming in through SMS can be received, read, and deleted in complete silence: no notification sounds, no vibration, no screen light, nothing.
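For defenders triaging a sideloaded APK, the capability mix described above (SMS access, call logs, contacts, network information, automatic start) can be checked in the app's decoded manifest. The following is an added example, not code from the article or from Microsoft's report: the permission names are standard Android ones, while the capability mapping, the `triage` function, the flagging heuristic and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
# Standard Android permissions behind the capabilities the article lists (assumed mapping).
CAPABILITIES = {
    "sms": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "call_log": {P + "READ_CALL_LOG"},
    "contacts": {P + "READ_CONTACTS"},
    "network_info": {P + "ACCESS_NETWORK_STATE"},
    "start_on_boot": {P + "RECEIVE_BOOT_COMPLETED"},
}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a decoded AndroidManifest.xml (e.g. apktool output), not a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.rewards">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application><receiver android:name=".SmsReceiver">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter>
  </receiver></application>
</manifest>"""

def triage(manifest_xml):
    """Summarise which of the described capabilities a manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    caps = sorted(c for c, perms in CAPABILITIES.items() if perms & requested)
    sms_receivers = []  # receivers registered for incoming SMS, with filter priority
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                sms_receivers.append((rcv.get(A + "name"), int(flt.get(A + "priority", "0"))))
    # Heuristic (assumption): SMS access + other personal data + persistence => manual review.
    pii = {"call_log", "contacts"} & set(caps)
    flagged = "sms" in caps and bool(pii) and "start_on_boot" in caps
    return {"capabilities": caps, "sms_receivers": sms_receivers, "flagged": flagged}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A flag here only means the manifest deserves a closer look; legitimate messaging and backup apps request some of the same permissions.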

The threat actors behind the campaign are unknown, but what Microsoft does know is that the app, first seen in 2021 and significantly upgraded since, can be accessed remotely.

The scope of the attack is also unknown, as it’s hard to determine exactly how many people are affected. Last year, Banker was observed attacking Indian consumers only, and given that the phishing SMS carries the logo of the Indian ICICI bank, it’s safe to assume Indian users are in the crosshairs this time around, as well. 

"Some of the malicious APKs also use the same Indian bank's logo as the fake app that we investigated, which could indicate that the actors are continuously generating new versions to keep the campaign going," the researchers said.

Via: The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
