The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: android banking trojan

New Android Malware Now Steals Passwords For Non-Banking Apps Too

New Android Malware Now Steals Passwords For Non-Banking Apps Too

July 16, 2020Ravie Lakshmanan
Cybersecurity researchers today uncovered a new strain of banking malware that targets not only banking apps but also steals data and credentials from social networking, dating, and cryptocurrency apps—a total of 337 non-financial Android applications on its target list. Dubbed " BlackRock " by ThreatFabric researchers, which discovered the trojan in May, its source code is derived from a leaked version of Xerxes banking malware, which itself is a strain of the LokiBot Android banking trojan that was first observed during 2016-2017. Chief among its features are stealing user credentials, intercepting SMS messages, hijacking notifications, and even recording keystrokes from the targeted apps, in addition to being capable of hiding from antivirus software. "Not only did the [BlackRock] Trojan undergo changes in its code, but also comes with an increased target list and has been ongoing for a longer period," ThreatFabric said. "It contains an important nu
New Android Malware Steals Banking Passwords, Private Data and Keystrokes

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

April 30, 2020Ravie Lakshmanan
A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets such as Paypal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase. "EventBot is particularly interesting because it is in such early stages," the researchers said. "This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications." The campaign, first identified in March 2020, masks its malicious intent by posing as legitimate applications (e.g., Adobe Fl
Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

December 02, 2019Swati Khandelwal
Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg , the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application. By tricking users into thinking they are using a legitimate app, the vulnerability makes it possible for malicious apps to conveniently steal users' credentials using fake login screens, as shown in the video demonstration. "The vulnerability allows an attacke
Cerberus: A New Android 'Banking Malware For Rent' Emerges

Cerberus: A New Android 'Banking Malware For Rent' Emerges

August 13, 2019Swati Khandelwal
After a few popular Android Trojans like  Anubis ,  Red Alert 2.0 ,  GM bot , and Exobot, quit their malware-as-a-service businesses, a new player has emerged on the Internet with similar capabilities to fill the gap, offering Android bot rental service to the masses. Dubbed " Cerberus ," the new remote access Trojan allows remote attackers to take total control over the infected Android devices and also comes with banking Trojan capabilities like the use of overlay attacks, SMS control, and contact list harvesting. According to the author of this malware, who is surprisingly social on Twitter and mocks security researchers and antivirus industry openly, Cerberus has been coded from scratch and doesn't re-use any code from other existing banking Trojans. The author also claimed to be using the Trojan for private operations for at least two years before renting it out for anyone interested from the past two months at $2000 for 1 month usage, $7000 for 6 months and
Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

April 16, 2018Swati Khandelwal
Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis , hackers have been hijacking DNS settings on vulnerable and poorly secured routers . DNS hijacking attack allows hackers to intercept traffic, inject rogue ads on web-pages and redirect users to phishing pages designed to trick them into sharing their sensitive information like login credentials, bank account details, and more. Hijacking routers' DNS for a malicious purpose is not new. Previously we reported about widespread DNSChanger and Switcher —both the malware worked by changing the DNS settings of the wireless routers to redirect traffic to malicious websites controlled by attackers. Discovered by security researchers at Kaspersk
BankBot Returns On Play Store – A Never Ending Android Malware Story

BankBot Returns On Play Store – A Never Ending Android Malware Story

November 20, 2017Mohit Kumar
Even after so many efforts by Google for making its Play Store away from malware, shady apps somehow managed to fool its anti-malware protections and infect people with malicious software. A team of researchers from several security firms has uncovered two new malware campaigns targeting Google Play Store users, of which one spreads a new version of BankBot , a persistent family of banking Trojan that imitates real banking applications in efforts to steal users' login details. BankBot has been designed to display fake overlays on legitimate bank apps from major banks around the world, including Citibank, WellsFargo, Chase, and DiBa, to steal sensitive information, including logins and credit card details. With its primary purpose of displaying fake overlays, BankBot has the ability to perform a broad range of tasks, such as sending and intercepting SMS messages, making calls, tracking infected devices, and stealing contacts. Google removed at least four previous versions
Red Alert 2.0: New Android Banking Trojan for Sale on Hacking Forums

Red Alert 2.0: New Android Banking Trojan for Sale on Hacking Forums

September 19, 2017Swati Khandelwal
The Recent discoveries of dangerous variants of the Android banking Trojan families, including Faketoken , Svpeng , and BankBot , present a significant threat to online users who may have their login credentials and valuable personal data stolen. Security researchers from SfyLabs have now discovered a new Android banking Trojan that is being rented on many dark websites for $500 per month, SfyLabs' researcher Han Sahin told The Hacker News. Dubbed Red Alert 2.0 , the Android banking malware has been fully written from scratch, unlike other banking trojans, such as BankBot and ExoBot, which were evolved from the leaked source code of older trojans. The Red Alert banking malware has been distributed via many online hacking forums since last few months, and its creators have continuously been updating the malware to add new functionalities in an effort to make it a dangerous threat to potential victims. Malware Blocks Incoming Calls from Banks Like most other Android b
Dangerous Mobile Banking Trojan Gets 'Keylogger' to Steal Everything

Dangerous Mobile Banking Trojan Gets 'Keylogger' to Steal Everything

August 01, 2017Swati Khandelwal
Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They have now shifted from traditional to more clandestine techniques that come with limitless attack vectors and are harder to detect. Security researchers have discovered that one of the most dangerous Android banking Trojan families has now been modified to add a keylogger to its recent strain, giving attackers yet another way to steal victims sensitive data. Kaspersky Lab's Senior malware analyst Roman Unuchek spotted a new variant of the well-known Android banking Trojan, dubbed Svpeng , in the mid of last month with a new keylogger feature, which takes advantage of Android's Accessibility Services. Trojan Exploits 'Accessibility Services' to Add Keylogger Yes, the keylogger added in the new version of Svpeng takes advantage of Accessibility Services — an Android feature that provides users alternative ways to interact with their smartphone devices. This change makes
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.