{"id":3101,"date":"2013-11-07T14:16:42","date_gmt":"2013-11-07T19:16:42","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=3101"},"modified":"2020-02-26T10:45:13","modified_gmt":"2020-02-26T15:45:13","slug":"an-android-trojan-swindles-banking-credentials","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/an-android-trojan-swindles-banking-credentials\/3101\/","title":{"rendered":"An Android Trojan Swindles Banking Credentials"},"content":{"rendered":"<p>Android malware now has a well-established <a href=\"https:\/\/www.kaspersky.com\/blog\/ask-the-expert-denis-maslennikov\/\" target=\"_blank\" rel=\"noopener nofollow\">track record of monetary theft<\/a>, which is typically accomplished by sending text messages to premium rate numbers. At the end of summer we wrote about a <a href=\"https:\/\/www.kaspersky.com\/blog\/an-android-that-robbed-your-bank-account\/\" target=\"_blank\" rel=\"noopener nofollow\">new Trojan, which was able to steal from a debit\/credit card<\/a> if the card was bound to a phone number. Cybercriminals never stop inventing new ways to steal money or find the means to access money from unsuspecting victims. A new variation of the aforementioned <a href=\"http:\/\/www.securelist.com\/en\/blog\/8138\/The_Android_Trojan_Svpeng_now_capable_of_mobile_phishing\" target=\"_blank\" rel=\"noopener nofollow\">Svpeng Trojan<\/a> uses several tricks to phish for credit card numbers and online banking credentials.<\/p>\n<p>It is worth mentioning that the specific sample we discovered targets Russian users, however, Russia often serves as a testing ground for cybercriminals. Well-proven schemes usually go overseas quite quickly. For now, the malware appears to be interested in U.S., German, Belarusian and Ukrainian victims.\u00a0Currently the Trojan is configured to mimic popular Russian banks. Upon the launch of the mobile banking app, the Trojan replaces the open window with its own to swindle out the password.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06045243\/Screen-Shot-2013-11-07-at-2.15.15-PM.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3103\" alt=\"Screen Shot 2013-11-07 at 2.15.15 PM\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06045243\/Screen-Shot-2013-11-07-at-2.15.15-PM.png\" width=\"156\" height=\"277\"><\/a><\/p>\n<p>Another implemented attack is more versatile as it targets Google Play users. When victim launch the Android online market app, the Trojan overlaps Google\u2019s windows with its own and proposes that users add a credit card to the account.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06045242\/Screen-Shot-2013-11-07-at-2.15.27-PM.png\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3104\" alt=\"Screen Shot 2013-11-07 at 2.15.27 PM\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2013\/11\/06045242\/Screen-Shot-2013-11-07-at-2.15.27-PM.png\" width=\"191\" height=\"340\"><\/a><\/p>\n<p>During three months of the Trojan\u2019s existence, Kaspersky Lab has discovered over 50 modifications of this malware, which means that criminals recognize its high \u201ccommercial value\u201d. No doubt, we will see new versions of the Trojan that will able to steal from clients of various banks in multiple countries very soon. The current version spread itself using SMS spam, but other variations might utilize another infection tactic.<\/p>\n<p>To avoid infection, follow the Android user golden rules:<\/p>\n<ul>\n<li>Switch off \u201cAllow installation from unknown sources\u201d in security settings<\/li>\n<li>Use Google Play, do not use untrusted third-party app stores<\/li>\n<li>Before installing a new app, check every permission requested by this app and consider if those permissions are reasonable for that type of app<\/li>\n<li>Check app ratings and download counts, avoid applications with low ratings and a small number of downloads<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.com\/android-security\" target=\"_blank\" rel=\"noopener nofollow\">full-scale security protection for your Android<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Android malware now has a well-established track record of monetary theft, which is typically accomplished by sending text messages to premium rate numbers. At the end of summer we wrote<\/p>\n","protected":false},"author":292,"featured_media":3102,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[105,486,723],"class_list":{"0":"post-3101","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-banking-threats","10":"tag-trojans"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/an-android-trojan-swindles-banking-credentials\/3101\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/an-android-trojan-swindles-banking-credentials\/2652\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/an-android-trojan-swindles-banking-credentials\/2541\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/an-android-trojan-swindles-banking-credentials\/2836\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/an-android-trojan-swindles-banking-credentials\/2654\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/an-android-trojan-swindles-banking-credentials\/1975\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/an-android-trojan-swindles-banking-credentials\/3101\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/an-android-trojan-swindles-banking-credentials\/3101\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/292"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3101"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3101\/revisions"}],"predecessor-version":[{"id":32961,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3101\/revisions\/32961"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3102"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}