The information security experts warned of the spread of dangerous banking Trojan Android.SmsSpy.88.origin, which attacks the customers of banks around the world. Information about a new modification of the malware was published by “Doctor Web”.
If all early versions of the Trojan attacked only users from Russia, the new version of infected smartphones and tablets running Android around the world. Android.SmsSpy.88.origin gets on the mobile device under the guise of innocuous programs like the well-known Adobe Flash Player. After the launch of Android.SmsSpy.88.origin prompts the user with access to administrator rights in order to obstruct its removal from the infected system.
After that, the malware connects to the network and maintains a connection in the active state, using Wi-Fi or a data transmission channel of the mobile operator, which allows the app to ensure constant communication with the managing server and to avoid any disruptions. The Trojan then creates the infected device unique identifier, which, together with other technical information is transmitted to the criminals ‘ server, where the registration of an infected smartphone or tablet.
Thus Android.SmsSpy.88.origin is trying to steal logins and passwords from accounts mobile banking to transfer them to cyber criminals. After the device owner runs one of the target applications, the Trojan by using the WebView shows its window on top of the phishing form of input authentication data to access the mobile Bank. Once the user specifies the desired data is malware, the program secretly transmits them to attackers, and they have full control over all the accounts of the victims.
The Trojan can perform other malicious actions. In particular, at the command of cyber criminals Android.SmsSpy.88.origin can intercept and send SMS and MMS messages, send USSD queries, sending messages to all numbers from the phone book to transfer to the server all the available messages, set the password to unlock the screen or lock screen specially formed window. So, after receiving the lock command, the Trojan downloads control server pre-prepared template text window, in which the victim is accused of illegal possession and distribution of pornography and require as a penalty to pay for a gift card of the music service iTunes.
It is noteworthy that Android.SmsSpy.88.origin locks work a number of antivirus programs and service utilities, not allowing them to start and “to resist”.
Starting in 2016, experts have gained access to more than 50 bot networks, which consisted of mobile devices infected with various modifications of Android.SmsSpy.88.origin. In the study it was found that cybercriminals have attacked users over 200 countries and the total verified number of infected devices reached nearly 40 000.