Tag Archive for: TROJANS.




The danger of counterfeit mobile phones, with hidden Trojans and malware


The question is obvious: with perfectly capable mid-range and entry-level phones available, why would anyone want to get hold of a fake? The reality is that in developing countries these types of phones are still seen, and they usually copy the external appearance of the most desired high-end models.

New examples of the danger

Today we are talking about this type of device again because a good number of handsets have been discovered infected with malicious software in the system partition, no less; in other words, a severe malware infection. They are a series of mobile phones that are mere counterfeits of better-known models, and the names give an idea of what we are talking about.

These models are known as P48pro, radmi note 8, Note30u and Mate40, named this way precisely to confuse consumers: between the similar design and the similar name, they achieve their objective of deceiving the victims. These versions of popular smartphones are called counterfeits, and this example revealed by Doctor Web is one of the best illustrations of what we are describing.

Malicious and outdated software

Hackers are so focused on creating devices designed to infect victims that the software these devices carry is not merely old but downright antediluvian. The phones found with Trojans and malware inside their system partition run a version of Android with more than a decade behind it: Android 4.4.2.


These phones have been detected with a clear manipulation of their operating system: two files, “/system/lib/libcutils.so” and “/system/lib/libmtd.so”, have been modified so that when any app uses one of these libraries, the trojanization of the phone is triggered and the indiscriminate download of malicious software to the smartphone begins, which is the purpose for which this type of phone is created.

An additional backdoor

These researchers have also been able to discover that when WhatsApp or WhatsApp Business is executed, a new vulnerability, which is capable of opening a third…


The 10 Most Pervasive Android Trojans In The World: From Teabot To Xenomorph


Find out which are the 10 most widespread Android Trojans in the world.

Lately we very often have to report on a new banking trojan aimed at Android users that pretends to be the official application of your bank in order to steal your account credentials, intercept SMS messages sent by the bank, and even commit financial fraud while posing as you by taking advantage of your mobile’s accessibility services.

In this sense, experts from the American cyber security company Zimperium have recently published a report that explains which are the 10 most pervasive Android Trojans in the world.


These are the world’s 10 most widespread Trojans

According to Zimperium experts, the United States is the country with the most banking applications infected with Trojans, with a total of 121 apps attacked. It is followed, in this order, by the UK with 55 infected apps, Italy with 43, Turkey with 34, Australia with 33 and France with 33 apps attacked.

As far as the most attacked apps across the world are concerned, the first one is PhonePe, a very popular app in India with over 100 million downloads. It is followed by one of the best cryptocurrency exchange apps, and Cash App, a widely used mobile payment service in both the United Kingdom and the United States, both with over 50 million downloads in the Play Store.

Next is the app of the Spanish bank BBVA, which has millions of downloads in the Google app store.


Thus, according to the Zimperium researchers, the 10 most prolific banking Trojans in the first quarter of 2021 were the following:

  • TeaBot: this Trojan targets PhonePe, Binance, Barclays, Crypto.com, Postpay, Bank of America, Capital One, Citi Mobile and Coinbase, and it has a special keylogger for each application, which is loaded when the user launches the app.
  • Exobot: this Trojan attacks PayPal, Binance, CashApp, Barclays, BBVA and Caixabank, and it is very small and lightweight because it uses system shared libraries.
  • FluBot: the targets of this Trojan are BBVA, Caixa, Santander…


10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users



10 of the most prolific mobile banking trojans have set their eyes on 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times.

Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf – Mon Compte, Postepay, and BBVA México. These apps alone account for more than 260 million downloads from the official app marketplace.

Of the 639 apps tracked, 121 are based in the U.S., followed by the U.K. (55), Italy (43), Turkey (34), Australia (33), France (31), Spain (29), and Portugal (27).

“TeaBot is targeting 410 of the 639 applications tracked,” mobile security company Zimperium said in a new analysis of Android threats during the first half of 2022. “Octo targets 324 of the 639 applications tracked and is the only one targeting popular, non-financial applications for credential theft.”


Aside from TeaBot (Anatsa) and Octo (Exobot), other prominent banking trojans include BianLian, Coper, EventBot, FluBot (Cabassous), Medusa, SharkBot, and Xenomorph.

FluBot is also considered to be an aggressive variant of Cabassous, not to mention hitching its distribution wagon to serve Medusa, another mobile banking trojan that can gain near-complete control over a user’s device. Last week, Europol announced the dismantling of infrastructure behind FluBot.

These malicious remote access tools, while hiding behind the cloak of benign-looking apps, are designed to target mobile financial applications in an attempt to carry out on-device fraud and siphon funds directly from the victim’s accounts.


In addition, the rogue apps are equipped with the ability to evade detection by often hiding their icons from the home screen and are known to log keystrokes, capture clipboard data, and abuse accessibility services permissions to pursue their objectives such as credential theft.

This involves the use of overlay attacks, pointing a victim to a fake banking login page that’s displayed atop legitimate financial apps and can be used to steal the credentials entered.

Consequences of such attacks can range from data theft and financial fraud to regulatory fines…
