CypherRat, a new threat in the Android banking malware family


The family of banking malware on Android continues to grow. After Godfather, which we told you about a few weeks ago, a new malicious program is attracting the attention of security experts.

According to researchers at cybersecurity firm ThreatFabric, a new variant of SpyNote, a trojan active since 2016, is having some success. The variant is CypherRat, which has been sold to cybercriminals since the end of 2021.

Significant increase in attacks since October

Researchers have detected a dramatic increase in the number of SpyNote attacks since the October 2022 release of its source code. These campaigns seem to specifically target online banking apps. The malware impersonates legitimate banking apps, such as those from HSBC or Deutsche Bank, or impersonates popular Android apps like WhatsApp, Facebook and Google Play.

These fake apps are usually distributed through phishing campaigns. They deceive potential victims by directing them to websites that trick them into downloading a fake version of an application. What they actually install is this variant of the SpyNote malware, which then infects their Android phone.

“The volume of samples we’re seeing, which has been on the order of hundreds per week since October 2022, indicates that malicious actors are having some success in this operation,” Lasha Khasaia, an Android malware reverse-engineering specialist at ThreatFabric, told ZDNet.

Device control

After installation, the malware obtains permission to use accessibility services as well as device administrator privileges. This ultimately allows it to secretly control the smartphone while making it difficult for users to uninstall the app.

The main objective of this version of SpyNote is to steal banking information. For example, it presents a fake bank login page and uses a keylogger to secretly spy on entered usernames and passwords. The malware also exploits accessibility features to extract strong authentication codes.

It can also be used to track SMS messages, calls, videos and audio recordings. Finally, it can allow the installation of new applications, while having the ability to track the location of the device. The researchers note that while these tools aren’t necessarily related to bank fraud, they can provide attackers with additional information about the victim that they could sell or exploit to commit further fraud.
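For defenders triaging a suspect APK, the combination described above can be checked in the app's manifest. The following is an added example, not code from ThreatFabric or ZDNet: it assumes the manifest has already been decoded to text XML (for instance with apktool), the two sample manifests and their package names are constructed, and the "suspicious" rule is an illustrative heuristic rather than a SpyNote signature.

```python
import xml.etree.ElementTree as ET
ANDROID = "{http://schemas.android.com/apk/res/android}"
# Capabilities named in the article, mapped to the manifest permissions they need.
SURVEILLANCE = {
    "android.permission.READ_SMS": "sms",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.RECORD_AUDIO": "audio",
    "android.permission.CAMERA": "video",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install-apps",
}

def has_component(root, tag, permission):
    """True if <application> declares a <tag> bound by the given system permission."""
    return any(c.get(ANDROID + "permission") == permission
               for c in root.findall(f"application/{tag}"))

def triage(manifest_xml):
    """Summarise the control and surveillance capabilities a manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    accessibility = has_component(root, "service", "android.permission.BIND_ACCESSIBILITY_SERVICE")
    device_admin = has_component(root, "receiver", "android.permission.BIND_DEVICE_ADMIN")
    requested = {e.get(ANDROID + "name") for e in root.findall("uses-permission")}
    extras = sorted({SURVEILLANCE[p] for p in requested if p in SURVEILLANCE})
    return {"package": root.get("package"), "accessibility": accessibility,
            "device_admin": device_admin, "surveillance": extras,
            # Heuristic only: both control hooks plus any surveillance permission.
            "suspicious": accessibility and device_admin and bool(extras)}

# Constructed sample manifests (not taken from any real sample).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
FAKE_BANK = f"""
<manifest {NS} package="com.example.fakebank">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Adm" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
SCREEN_READER = f"""
<manifest {NS} package="com.example.reader">
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(FAKE_BANK), triage(SCREEN_READER), sep="\n")
```

An accessibility service on its own is common in legitimate apps such as screen readers, which is why the second sample is not flagged.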

Threat of new variants

It is likely that this malware will continue to threaten Android users, as the code behind it is available for free. New variants may therefore appear. Smartphones occupy such an important place in our lives that they are a prime target for cybercriminals, who can access banking data, usernames, passwords and all kinds of sensitive information if they manage to compromise a device.

In the case of the latest SpyNote campaign, you can avoid infection by only downloading apps from official sources like the Google Play Store. You should also be wary of unexpected emails claiming to be from your bank, especially if they ask you to log in or download an app. It may then be a phishing attack and the message should be deleted.

If you are not sure whether a message you received is genuine, you can check the alert directly in your bank account. However, do not reach the site through a link in an email; go to the bank's legitimate website directly.

Source: ZDNet.com
