Experts have found mobile banking Trojan for Android that steals passwords of Bank applications masquerading as applications with the weather. The program is housed in the official Google Play app store.
During installation the app requests the user extended rights in the system. After the completion of the Trojan displays a desktop widget with the weather, “borrowed” from legitimate app. In parallel, information about the device transmits in the background on the command server.
So, the Trojan recognizes popular banking apps, collects logins and passwords by using fake entry forms and sends this data to its operators. Function intercept text messages allows you to bypass two-factor authentication based on SMS. In addition, the program can lock and unlock the screen of the device from the intruders ‘ command, changing the password – presumably this function is used at the time of debiting the account to hide the theft from victims.
The first version of the Trojan was discovered in Google Play on 4 February. Then the program searched for one of the 22 banking applications used in Turkey. Two days later the program was removed from the store, but on 14 February she returned under the name of World Weather. And this time the number of interesting Trojan banking applications has increased to 69. Affected not only users in many countries.
Soon after the discovery of the World Weather again removed from Google Play.