Banking trojan found in call recorder app on Play Store – stole over €10,000

Banking trojan found in call recorder app on Play Store - stole over €10,000

Android is one of the most vulnerable mobile operating systems with hackers developing new Android malware and banking trojan every 17 seconds. Then, there is Google and questionable security measures to protect users from sophisticated and persistent malware attacks.

Recently, Lukas Stefanko, an IT security researcher at ESET has discovered a nasty piece of banking trojan targeting unsuspected Android users on Play Store. The trojan was downloaded and installed by over 10,000 users and so far stole more than €10,000 (£8,916 – $11,730).

According to Stefanko’s analysis, the trojan was equipped with bypassing SMS two-factor authentication (2FA) capability and targeted banks and users in Germany, Poland, and the Czech Republic. 

One of the malicious apps which Stefanko found was QRecorder, an app claiming to record incoming and outgoing calls on the device. In reality, “it would request the user to allow it to draw over other apps as necessary functionality for the app to work properly. However, this functionality helps the malware to control what is displayed to the user, Stefanko noted.

 

Upon gaining access, the trojan would collect data and send it to the command and control center (C&C) operated by attackers within 24 hours. Stefanko further found that attackers were using Firebase messages to interact with the targeted device. Moreover, upon identifying the banking app on the device the trojan would download payload after asking the user to enable “Accessibility Service.” 

Banking trojan found in call recorder app on Play Store - stole over €10,000

“Once the payload is downloaded it sets triggers for legitimate banking apps,” wrote Stefanko. “If one of the targeted apps is launched it would create similar like looking activity that overlays official app demanding credentials.”

What makes this trojan special is that attackers created different payloads for different banking apps. However, at the time of publishing this article; the malicious QRecorder app was removed from Play Store.

If you are an Android user avoid downloading unnecessary apps from Play Store and third-party platforms. It is important to keep your device updated, install an anti-virus software and scan it on daily bases. 

Here is a list of 10 powerful but not yet promoted antivirus for PC, Mac, Android, and iPhone. Stay safe online.

Total
0
Shares
Related Posts