After installation the Android-based device, the malware, called “Banker.AndroidOS.Basti.a” requests permission to access the network, incoming SMS-messages etc.
New Trojan-Banker disguised as a legitimate application WeChat, is used to collect owners financial data of Android-devices from China. According to Kaspersky Lab, the attackers chose this program because many users use it to make payments.
Authors the Trojan encrypted it using App Shield, which allows you to add multiple "layers of protection."
Nevertheless the IS-company experts manage to decode the file. It is capable of many types of malicious behavior. There are also some packages to make its GUI look more professional, which in turn make it a more potent phishing tool.
After launching it opens a special GUI to let users input their bank related information, including bank card number, PIN code and mobile phone number.
After gathering all this information, it sends them to the Trojan author’s email.
Trojan source code contains the name of the address and even the password required to access the account. The experts found that using this malicious software was downloaded by many people.