Multiple variants of mobile malware are currently in circulation, used for different purposes. Digital forensics experts report that, in recent months, an infection campaign has been detected against Android devices; it uses malware to infiltrate the victims’ mobile banking apps and extract their assets.
In its report, the security firm Group-IB mentions that this Trojan is capable of automatically making bank transfers to accounts controlled by hackers. The most complex stage of the attack is delivering the malicious payload; after that, threat actors can forward the funds without further mishaps.
According to digital forensics experts, at least two major Russian banks have already identified some successful attacks. Representatives of these banking institutions mention that there are very few cases of infection with this virus, although they stress that it is important to address this threat before the scope of the attack grows.
Unlike previous malware variants for mobile operating systems, which could only display pop-ups to capture login credentials, this Trojan is able to scan the targeted device for mobile banking apps, capture the victim’s financial information and perform operations through the app.
“These malware increasingly resemble banking Trojans employed in large-scale attacks against desktops and banking networks,” digital forensics experts mention. It should be remembered that this type of virus is capable of stealing information from electronic banking systems, physical cards and payment terminals.
Regarding the infection method, hackers often disguise these viruses as simple apps (such as games or mobile browsers), although they are also distributed through adult websites, pirated content download platforms and even SMS messages. Although such developments date back a couple of years, digital forensics experts from the International Institute of Cyber Security (IICS) mention that activity related to Android malware increased significantly throughout 2019; however, most of the time these attacks remain unsuccessful.
Some members of the cybersecurity community consider that the increase in this activity is linked to the disintegration of one of the largest botnets on record. The operators, allegedly Russian hackers, reportedly chose to compromise Android devices in their subsequent attacks.