Researchers are sounding the alarm about a new Android malware, specifically a banking Trojan. The research comes from IBM’s X-Force, who discussed the nature of the banking Trojan (dubbed “Banker.BR”) in a blog post. According to researchers, the Banker.BR Trojan is built from the source code of SMSstealer.BR.
Furthermore, Banker.BR appears to target only Spanish- and Portuguese-speaking users. The highest concentrations of infections are in Spain, Portugal, and Brazil, but infections have also been reported across much of Latin America.
The Banker.BR Trojan is spread via phishing messages that redirect to a malicious web page. This web page, as one might guess, has the user download the Trojan’s payload (under the guise of being a “security update”). This supposed security update is also mentioned in the initial phishing message that lures victims.
It should be noted that to install this Android malware, users must first allow installation of apps from unknown (third-party) sources. That prompt should be an automatic alarm bell for users, but unfortunately it is not enough. Google Play has its own issues with Android malware, but the rate of infection is always higher when apps come from unvetted third-party sources. The download page looks authentic enough to fool individuals, and as a result they infect themselves.
As is the case with Trojans of this nature, Banker.BR is used to profit monetarily off of victims. How it does this is via credential-stealing which, according to IBM X-Force, is accomplished as follows:
In its current state, this malware can enable phishing via an overlay attack, thereby stealing users’ online banking credentials; it can allow the attacker to take over users’ bank accounts; and it can enable the theft of two-factor authentication (2FA) codes sent via SMS. These elements can help attackers complete fraudulent transactions from victims’ bank accounts.
In case it wasn’t made obvious earlier on, preventing a Banker.BR infection comes down to resisting phishing messages. If you are prompted to download something from unknown sources, don’t do it. Trojans like Banker.BR are a lot easier to avoid than some may think; you just need common-sense security strategies.
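The two capabilities IBM X-Force describes above (overlay phishing and SMS 2FA interception) each depend on the app holding specific Android permissions, and the sideloading requirement shows up as a missing or non-store installer. The script below is an added defensive triage example, not code from the article or from IBM X-Force: it parses text shaped like `adb shell dumpsys package` output and ranks installed packages by how many of those three traits they combine. The permission names are the real Android ones that a practitioner would map the described behaviour to (the article itself names none), the sample dump and all package names are constructed placeholders rather than indicators from the report, and treating only `com.android.vending` as a trusted installer is an assumption you would adjust for managed devices.

```python
"""Rank installed Android packages by the traits a Banker.BR-style app needs:
sideloaded install, overlay permission, SMS access. Added example; runs offline
on constructed dumpsys-style text."""
import re
from typing import Dict, List

# Real Android permission names mapped to the behaviour described above
# (assumption: the article names no permissions itself).
OVERLAY_PERMS = {"android.permission.SYSTEM_ALERT_WINDOW"}
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
# Installer ids treated as vetted; anything else (including none) is sideloaded.
TRUSTED_INSTALLERS = {"com.android.vending"}

PKG_HEADER = re.compile(r"^Package \[([\w.]+)\]")
INSTALLER = re.compile(r"installerPackageName=(\S+)")
GRANTED = re.compile(r"^\s*(android\.permission\.\w+):\s*granted=true")

# Constructed sample shaped like a trimmed `dumpsys package` dump.
# Package names are placeholders, not indicators from the article.
SAMPLE_DUMP = """\
Package [com.example.bank] (1a2b3c):
    installerPackageName=com.android.vending
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=true
Package [com.example.fake_update] (4d5e6f):
    installerPackageName=null
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
      android.permission.RECEIVE_SMS: granted=true
    runtime permissions:
      android.permission.READ_SMS: granted=true
Package [com.example.notes] (7a8b9c):
    installerPackageName=com.android.vending
    install permissions:
      android.permission.INTERNET: granted=true
"""


def parse_packages(dump: str) -> Dict[str, dict]:
    """Return {package: {"installer": str|None, "granted": set of permissions}}."""
    packages: Dict[str, dict] = {}
    current = None
    for line in dump.splitlines():
        m = PKG_HEADER.match(line)
        if m:
            current = {"installer": None, "granted": set()}
            packages[m.group(1)] = current
            continue
        if current is None:
            continue
        m = INSTALLER.search(line)
        if m:
            current["installer"] = None if m.group(1) == "null" else m.group(1)
            continue
        m = GRANTED.match(line)
        if m:
            current["granted"].add(m.group(1))
    return packages


def flags_for(info: dict) -> List[str]:
    """Map one package's installer and granted permissions to risk flags."""
    flags = []
    if info["installer"] not in TRUSTED_INSTALLERS:
        flags.append("sideloaded")
    if info["granted"] & OVERLAY_PERMS:
        flags.append("overlay")
    if info["granted"] & SMS_PERMS:
        flags.append("sms")
    return sorted(flags)


def triage(dump: str) -> List[dict]:
    """Packages with at least one flag, most flags first, then by name."""
    findings = [
        {"package": name, "installer": info["installer"], "flags": flags_for(info)}
        for name, info in parse_packages(dump).items()
    ]
    findings = [f for f in findings if f["flags"]]
    # A sideloaded app holding both overlay and SMS rights lands at the top.
    findings.sort(key=lambda f: (-len(f["flags"]), f["package"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DUMP):
        print(f"{f['package']:<28} installer={f['installer']}  flags={','.join(f['flags'])}")
```

On a real device you would feed `adb shell dumpsys package` (or per-package dumps for the output of `pm list packages -3`) into `triage` instead of `SAMPLE_DUMP`; a single `sms` flag on a known messaging or banking app is normal, while the three-flag combination on an unfamiliar "update" app is what merits removal and a credential reset.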
Featured image: Flickr / BenjaminThompson