An advanced phishing campaign distributing a newly identified malware variant called AppLite Banker has been discovered.
Security researchers from Zimperium's zLabs identified the malware as an updated version of the Antidot banking trojan.
The campaign, which mainly targets Android devices, uses advanced social engineering techniques to steal credentials and compromise devices used for both personal and business purposes.
Key tactics used in the campaign
“This latest mobile-oriented phishing campaign is an advanced evolution of techniques first seen in Operation Dream Job, now adapted for the mobile era,” noted Stephen Kowski, Field CTO at SlashNext.
“While the original Operation Dream Job used LinkedIn messages and malicious attachments to target job seekers in the defense and aerospace sectors, today's attacks have expanded to exploit mobile vulnerabilities through fraudulent application pages and banking trojans.”
In this campaign, the attackers pose as recruiters or HR representatives from well-known companies to mislead victims. Phishing emails designed to imitate legitimate job vacancies direct users to fake landing pages. These sites then trick users into downloading a fraudulent CRM application, which serves as a dropper to install the AppLite malware.
Once installed, the malware enables a series of malicious activities:
- Credential theft targeting banking, cryptocurrency and financial apps
- Abuse of Accessibility services for screen overlays and automated actions
- Remote control via Virtual Network Computing (VNC)
- Use of deceptive overlays to harvest user credentials
Zimperium researchers found that the malware targets 172 applications, including financial platforms and cryptocurrency wallets, and uses advanced tooling to manipulate device functionality and intercept sensitive information.
To bypass detection, AppLite uses ZIP file manipulation to confuse security tools and embeds malicious scripts in HTML overlays. These methods allow it to evade many conventional analysis tools.
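The ZIP-level evasion described above is a natural place for a defender-side check. The following is an added example, not code from the original article or from Zimperium: the article does not say which header fields AppLite alters, so the checker simply flags the kinds of central-directory versus local-header inconsistencies and unknown compression methods that trip up archive-parsing analysis tools while a lenient runtime may still install the package. The sample archive and the tampering helper are constructed for illustration only.

```python
import io
import struct
import zipfile

# Methods a stock Android runtime accepts (0 = stored, 8 = deflate).
KNOWN_METHODS = {0, 8}
EOCD_SIG, CD_SIG, LOCAL_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def zip_header_anomalies(data: bytes) -> list:
    """Cross-check each central-directory entry against its local file
    header; return anomaly strings (an empty list means consistent)."""
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return ["no end-of-central-directory record"]
    fields = struct.unpack_from("<4sHHHHIIH", data, eocd)
    n_entries, pos = fields[4], fields[6]   # total entries, CD offset
    for _ in range(n_entries):
        cd = struct.unpack_from("<4sHHHHHHIIIHHHHHII", data, pos)
        if cd[0] != CD_SIG:
            return findings + [f"bad central-directory signature at {pos}"]
        name = data[pos + 46 : pos + 46 + cd[10]]
        pos += 46 + cd[10] + cd[11] + cd[12]   # name + extra + comment
        lh = struct.unpack_from("<4sHHHHHIIIHH", data, cd[16])
        if lh[0] != LOCAL_SIG:
            findings.append(f"{name!r}: bad local header signature")
            continue
        if data[cd[16] + 30 : cd[16] + 30 + lh[9]] != name:
            findings.append(f"{name!r}: filename differs in local header")
        if cd[4] != lh[3]:
            findings.append(f"{name!r}: compression method mismatch ({cd[4]} vs {lh[3]})")
        for m in sorted({cd[4], lh[3]} - KNOWN_METHODS):
            findings.append(f"{name!r}: unsupported compression method {m}")
        if not (lh[2] & 0x08) and cd[7] != lh[6]:   # bit 3 = data descriptor
            findings.append(f"{name!r}: CRC mismatch between headers")
    return findings

def build_sample() -> bytes:
    """Constructed stand-in for an APK: a small ZIP with two entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" * 8)
    return buf.getvalue()

def tamper_local_method(data: bytes, name: bytes, method: int) -> bytes:
    """Constructed tampering: rewrite the method field of one local header."""
    hdr = data.find(name) - 30   # first hit is the local header's filename
    return data[: hdr + 8] + struct.pack("<H", method) + data[hdr + 10 :]
```

Run `zip_header_anomalies` over an APK before handing it to an analysis tool; any finding means the archive's two header sets disagree and the sample deserves manual inspection.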
The malware's reach extends to users who speak English, Spanish, French, German, Italian, Portuguese and Russian, with a focus on regions where the targeted apps are popular. Its ability to steal lock-screen credentials and automate screen interactions is particularly worrying, as it gives attackers almost total control over infected devices.
Mitigating the threat
Security researchers emphasized the importance of proactive defenses to detect and neutralize zero-day threats such as this one.
“Since mobile devices have become essential for business activities, protecting them is crucial, especially against the wide variety of phishing attacks, including these advanced mobile phishing attempts,” explained Patrick Tiquet, vice-president of security and architecture.
“Organizations must implement robust Mobile Device Management (MDM) policies and ensure that both company-issued and BYOD devices meet security standards. Regular updates to both devices and security software will ensure that vulnerabilities are patched promptly, protecting mobile users against known threats.”
Update: a Google spokesperson sent the following statement to Infosecurity on December 13.
“Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play,” a Google spokesperson said.