Security researchers from Kaspersky Lab discovered a new piece of Android malware designed to steal your banking credentials and even pretend it’s your bank in a sophisticated way.
All in all, the malware in the basic terms is similar to other variants. However, it stands out with its ability to intercept and delete sent messages from banking institutions.
This can create a massive impact on online banking users since even if the bank notifies them about the new malicious banking activity, the new malware can delete or customize the message leaving the users unaware that they may soon become a victim and loose a bunch of money.
Some banks practice sending alerts via SMS to users in order to authenticate some unusual banking activity on their accounts.
In Russia, it’s the worst case since the malware can offset any mobile security solution that is popular in Russia and installed on your phone in order to finalize the infection path.
You can download the malware from anywhere without being aware of it
It hides everywhere and it can be downloaded via Google AdSense advertising network, which means – Watch Out! Lot of sites, new, old, good and bad use this network to display advertising and the Trojan hides right there.
The Trojan is downloaded as soon as a page with the advert is visited
Android users are always a target due to the openness of the system. However, it came to a point where Android users can’t even Google around and look out for some great sites or great news because the malware is in there aaaand Voila – you have downloaded last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q.
The scary part-you don’t even notice that you have downloaded it since it doesn’t require any kind of following confirmation or link clicks.
Even though till now the effects are seen in Russia only, it doesn’t assure us that it will not spread to other countries as well.
Download an Android anti-keylogger and stay worry free. Nothing can bypass that!