Android-Trojan steals money from accounts of users who use hacked apps
Researchers at Doctor Web” reported the appearance of a new banking Trojan for the Android OS, attacking users hacked mobile applications. The Malware Android.BankBot.104.origin is distributed by cyber criminals under the guise of FOR to hack games and cheats.
The operators of the Trojan placed on his fraudulent web sites offering information about more than 1000 popular games. These resources are digitally signed, so do not arouse suspicion among most users. When trying to download from the website of a particular application the victim is redirected to another fraudulent website that distribute Android.BankBot.104.origin under the guise of the cracked software for games or cheat programs.
Trojan installs on smartphones and tablets victims as an application under the name of “NAIC” after launching and trying to access the administrator functions of the device. Then the Trojan deletes its icon from the app list on the main screen.
Next, the malware detects the presence of connection of mobile banking services, as well as accessibility to any cash accounts. With this purpose, the Trojan sends a SMS command message to the corresponding banking systems. In the case of money, the Trojan quietly transfers them to the accounts of criminals.
In addition, cyber criminals can remotely control the bunker. So, a command and control server, the Trojan is able to enable forwarding of calls to a specified number, to hide from the user of incoming messages and to intercept their contents, send SMS, send USSD queries, as well as some other actions.