"The Trojan horse Andreed showed a stable number of detections in May. It is adware that displays aggressive unsolicited advertising. Its presence on the phone then manifests itself by popping up a large number of advertising windows in the application and slowing down the performance of the device. However, it can also collect information about our behavior or link to dangerous websites, where there is already a real risk that we will download far more dangerous malware to the device," says Martin Jirkal, head of the analytical team at the Prague branch of ESET Research.
In May, Czechia faced a wave of fake applications spreading banking malware
In more than a tenth of cases, security experts also discovered the banking Trojan horse Spy.Banker.ASS, which spread via the dropper Agent.IVA. A dropper is a type of malicious code that, like an envelope, secretly delivers other malware to the device, so lower-quality security programs may not detect it at all. In addition, droppers often disguise themselves as fake versions of known applications and tools, and very often change their appearance.
"In the case of the spread of the banking Trojan horse Spy.Banker.ASS, we identified a number of fake applications in May. Banking malware, for example, hid in a fraudulent version of the Turkish media player Temel Video Player or an application from DHL. We also found it in one voicemail application for sending voice messages or in an application to control a smart watch," says Jirkal. The moment banking malware infects a smartphone, it takes virtually complete control of it.
"Spy.Banker.ASS has all the features typical of banking malware. It can read SMS messages and monitor calls, record the device screen, and thus record our activities. It can access storage and accessibility services. The malicious code then uses these services to obtain all other permissions. This will prevent users from uninstalling the malicious application they downloaded the malware with. Ultimately, the banking Trojan horse will do what it was meant to do – steal the login details to the bank account," explains Jirkal.
Smartphone security is essential
Banking Trojans have long been a feared threat to the Android platform in the Czech Republic. Attackers often spread them through droppers and rely on the abused names of well-known applications, which they offer for free in unofficial stores as part of some other software package, to motivate users to download them.
"If banking malware infects our device and we do not have it protected by any security program, we do not use an official banking application and we do not lock or confirm operations on the device using biometric data, i.e. fingerprint or face recognition, the way to steal our funds is easy for attackers," says Jirkal, and adds: "In May, we saw how attackers used a variety of tools to spread malware. Therefore, if a user does not download trusted applications from official stores, such as the Google Play Android platform, they are not able to safely identify which applications may contain malware and which may not." To fully secure your Android smartphone, it is important to regularly update the operating system and all the applications on your device and use high-quality security software.
The most common cyber threats in the Czech Republic for the Android platform in May 2022:
- Android/Andreed trojan (33.37%)
- Android/TrojanDropper.Agent.IVA trojan (13.96%)
- Android/Triada trojan (2.79%)
- Android/TrojanDropper.Agent.GKW trojan (2.21%)
- Android/TrojanDropper.Agent.JDU trojan (1.97%)
- Android/Spy.Cerberus trojan (1.97%)
- Android/Spy.Agent.CBT trojan (1.69%)
- Android/TrojanDownloader.Agent.WI trojan (1.25%)
- Android/TrojanDropper.Agent.IDL trojan (1.11%)
- Android/TrojanDropper.Agent.DER trojan (1.11%)