New Malware Targets Android Banking Apps, Cybersecurity Group Says

September 7th, 2016 by Mark Daly

Cybersecurity researchers said they have discovered a new type of malicious software that circumvents security features on version 6 of the Android mobile-phone operating system, allowing criminals to infiltrate banking apps and steal credit-card details.

Kaspersky Lab, which tracks the activity of cyber threats, said the malware seeks to steal a phone user’s details by creating an overlay screen on top of authentic mobile-banking apps and the Google Play Store app. The malware attacks version 6 of the Android operating system, which was launched in late 2015 with security features aimed at blocking such attacks.

Android is the mobile operating system developed by Google, a unit of Alphabet Inc. It is the world’s dominant mobile operating system with nearly 80% of the global market. A spokesman didn’t have an immediate comment.

Kaspersky said the discovery represents a modification of Trojan malware called Gugi that has been attacking all versions of the Android operating system. A Trojan is malware that appears to be legitimate software.

The Wall Street Journal reported last month that cyberthieves are using similar types of malware to steal user credentials when consumers open banking apps on their mobile phones.

Kaspersky said it detected the modification in the Gugi malware in June, six months after the malware family was first discovered. The cybersecurity firm announced the new malware type Tuesday in a news release and in a blog post on its website.

The Gugi malware typically infects mobile phones through a text message that encourages the user to click on a link. The malware mainly seeks access to text messages because many banks send text messages to users as a second type of authentication for transactions.

Kaspersky said the malware essentially tricks the user by installing a message that says “additional rights needed to work with graphics and windows.” The user is only given one option: to click on a button that says “provide.”

The malware then goes through additional steps in which it receives more of the user’s information. If it doesn’t receive everything it needs, it will block the device, forcing the user to go through the difficult process of trying to remove the malware.

“Cybercriminals are relentless in their attempts to find ways around this, and the security industry is equally busy making sure they don’t succeed,” said Roman Unuchek, a senior malware analyst at Kaspersky.

Most of the instances of Gugi attacks have been in Russia, but the U.S. is among the top five countries that are affected by the malware, Kaspersky said.
