Virus analysts at Doctor Web have examined a new Trojan designed to infect smartphones and tablets running Android.
The malicious program, added to the virus database as Android.BankBot.34.origin, can steal personal information from owners of mobile devices and steal money from its victims' bank accounts and mobile phone accounts.
Android.BankBot.34.origin can begin its malicious activity only after the owner of the mobile device has installed it. To increase the likelihood that potential victims install and run the Trojan, its authors distribute it under the guise of a system update and give it the shortcut of one of the popular programs. The choice of application to imitate depends entirely on the authors' imagination and can be absolutely anything.
Once installed, the Trojan places a shortcut on the home screen, where it can sit next to the shortcut of the original program if that program is already present on the system. Inexperienced users may therefore confuse the two applications and accidentally launch the Trojan instead of the genuine one. If the owner of the infected mobile device does not activate the malicious application after installing it, the Trojan will still run, because Android.BankBot.34.origin provides for automatic launch when the operating system starts.
After initialization, Android.BankBot.34.origin asks the victim for access to the administrative functions of the mobile device, which to some extent allows the malicious application to make its removal more difficult. In addition, if Android.BankBot.34.origin was launched by the owner of the smartphone or tablet, the Trojan deletes the shortcut it created earlier. The Trojan then proceeds directly to its malicious activity.
Android.BankBot.34.origin can carry out two attack scenarios on an infected Android device. The first scenario depends on the user's behaviour and is triggered when the user tries to launch one of the applications the attackers are interested in. If the owner of the infected smartphone or tablet launches such a program, Android.BankBot.34.origin displays a phishing dialog box on top of its interface with fields for entering personal information, such as a username and password, phone number or credit card information.
For each of these applications the Trojan imitates the corresponding request form very plausibly, which shows the authors' desire to arouse as little suspicion as possible in their victims. The second attack scenario, in contrast, does not depend on the user's actions and is carried out only according to instructions that the attackers send from a remote host.
Similarly, attackers can steal money from users' mobile accounts by using USSD commands to transfer a certain amount to their own phone number. The list of mobile operators and credit institutions attacked is practically unlimited and depends on the current needs of the malware's creators. At greatest risk are clients of banks and payment systems that offer account management by SMS, as well as subscribers of mobile operators that provide mobile payments from phone accounts.
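As an added example (not part of Doctor Web's report), the following triage sketch checks a decoded AndroidManifest.xml for the combination of capabilities described above: device administrator access, automatic start at boot, and access to SMS or calls/USSD. The mapping of the article's behaviours to standard Android permissions, the function names and the sample manifest are assumptions constructed for illustration, not details taken from the Trojan.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: article behaviour -> standard Android permissions that enable it.
BEHAVIOUR_PERMS = {
    "autostart_at_boot": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "creates_shortcut": {"com.android.launcher.permission.INSTALL_SHORTCUT"},
    "sms_access": {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS"},
    "ussd_or_calls": {"android.permission.CALL_PHONE"},
}

def triage(manifest_xml):
    """Return the sorted list of article behaviours a decoded manifest enables."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    found = {b for b, needed in BEHAVIOUR_PERMS.items() if perms & needed}
    # Device administrator: a receiver guarded by BIND_DEVICE_ADMIN that
    # handles the DEVICE_ADMIN_ENABLED broadcast.
    for rcv in root.iter("receiver"):
        actions = {a.get(NS + "name") for a in rcv.iter("action")}
        if (rcv.get(NS + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            found.add("device_admin")
    return sorted(found)

def is_suspicious(manifest_xml):
    """Flag only the combination: device admin + boot autostart + SMS or USSD."""
    found = set(triage(manifest_xml))
    return ({"device_admin", "autostart_at_boot"} <= found
            and bool(found & {"sms_access", "ussd_or_calls"}))

# Constructed sample manifest (not taken from any real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <receiver android:name=".Admin"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE), is_suspicious(SAMPLE))
```

Each of these permissions is also requested by legitimate applications, so a match is a reason to inspect the package more closely, not a verdict.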