Experts at Group-IB, a company engaged in the prevention and investigation of cybercrime and fraud, have reported a new threat to users of Android smartphones. The company has registered the active spread of a new virus. Its victims are customers of Russian banks who use SMS banking. The infection method the malicious program uses shows once again that the main threat to the security of the Android system is the user.
Infection of the device starts with an ordinary MMS. The user receives a message containing a link from someone on their contact list. The message is written so that it is hard for an unprepared user to suspect anything is wrong: the sender is shown as a familiar contact, and the text contains a personal appeal.
By clicking on the link, the user goes to a site which says that the photos can be viewed by following another link. On the same page the attackers have provided instructions on how to enable the installation of third-party apps from unknown sources.
After that, an APK file is downloaded to the device, which the user is supposedly required to install. During installation the program asks for several permissions, including sending SMS messages. The app's icon is almost completely transparent, so many users may not even notice it. The malware then replaces the standard app for sending SMS messages.
As the next step, the program asks for permission to send paid messages.
Clearly, after that, money begins to disappear from users' accounts to an unknown destination. The user remains in the dark because the program intercepts the incoming SMS messages from the bank about the debits.
“This threat is aimed at Android users: bank customers using SMS banking and mobile banking applications. Characteristically, the antivirus programs installed on the victims' phones did not detect the application as malware at any stage of the virus's operation (and still do not detect it). Antivirus in this situation simply does not help,” said Rustam Mirkasymov, head of dynamic analysis of malicious code at Group-IB.
To avoid becoming a victim of fraud, experts recommend not clicking links in messages, even if they come from familiar people. You should also always check the permissions that apps request, and not install anything from unknown sources. If your device is already infected, Group-IB staff suggest copying all data and resetting the device to factory settings; if you entered credit card information on fake websites, the card should be blocked.