Svpeng Android banking Trojan goes phishing
Posted on 07.11.2013
The Android banking Trojan known as Svpeng has been improved by its creators and is now capable to perform phishing attacks as well as stealing money directly from a victim’s bank account by executing commands from a remote C&C.

It did the latter by sending SMS messages to numbers of two Russian banks, checking in this way if that particular phone number has a card tied to it. If the answer is yes, the malware proceeds to send that information to a C&C, from which it receives commands to transfer money from the victim’s account to one controlled by the attackers.

Svpeng is currently only made to target Russian users, even though a widening of the potential victim pool is likely, as it does have the ability to detect the device’s operating system’s language setting. It is propagated via bogus SMS messages.

This latest change makes the malware detect when a user launches a banking app of a specific (and one of the largest) Russian banks, and substitute the opened window with a spoofed one that is programmed to send the entered login credentials to the crooks behind this scheme.

In addition to this, the malware does the same thing when the user launches Google Play, and it shows a bogus window in which the user is asked to enter his or her credit card details. Once again, the data is sent to the crooks.


Svpeng also has a good protection mechanism against mobile AV solutions.

“To prevent security products from deleting it, the Trojan still uses the standard Android tool – deviceAdmin,” explains Kaspersky Lab expert Roman Unuchek. “To prevent the user from disabling DeviceAdmin, the Trojan uses a previously unknown vulnerability in Android. In the same way it tries to prevent resetting of the phone to factory settings.”









Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it’s our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //