Dangerous virus found in Google Play apps

todaypost.ru — Employees of the company that owns the well-known Dr.Web antivirus have discovered that about four hundred applications in the official Google Play Market store contain a virus called BankBot. It steals the user data needed to log in to banking applications, as well as the card data itself.
News, Computers | Yayagos 10:35 24.07.2017
1 comment | 19 for, 2 against |
#1 | 11:03 24.07.2017 | To: Пальтоконь
"Do you see the gopher? And yet it is there!"
[censored]

----------------------
Doctor Web: Dangerous Android banking Trojan gains control over mobile devices
July 18, 2017

Doctor Web security researchers have examined a multipurpose banking Trojan named Android.BankBot.211.origin which forces users to grant it access to the Accessibility Service. The malicious program uses the Accessibility Service to control mobile devices and steal confidential bank customer information. When the Trojan was first observed, it was attacking only residents of Turkey. However, its list of objectives soon expanded, and now it threatens users in dozens of countries.

Android.BankBot.211.origin is distributed under the guise of benign programs, for example, as Adobe Flash Player. Once a user installs and launches the Trojan, the banker tries to gain access to the Accessibility Service. For this purpose, Android.BankBot.211.origin displays a window with a request that reappears at every attempt to close it and doesn’t allow the device to be used.

...

After a successful infection, the Trojan connects to its command and control service, registers the mobile device there, and awaits further commands. Android.BankBot.211.origin can execute the following actions:

- Send an SMS containing a specific text to the number specified in the command;
- Send to the server SMS data stored in the device memory;
- Forward to the server information about the installed applications, the contact list, and phone call data;
- Open the link specified in a command;
- Change the address of the command center.

In addition, the malicious program tracks all incoming SMS and sends them to cybercriminals.

Besides the standard commands, cybercriminals can send the Trojan special orders. They contain encrypted information about the applications the banker is supposed to attack. Once Android.BankBot.211.origin receives such commands, it can:

- Display fake input forms for login credentials on top of launched banking programs;
- Display a phishing dialog asking users to input their bank card details (for example, when making a purchase on Google Play);
- Block the operation of anti-viruses and other applications that could interfere with the Trojan’s work.
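
A triage heuristic for the behaviour the quoted advisory describes, as an added example that is not part of the post or of Doctor Web's report: it flags an app whose manifest declares an accessibility service and also requests SMS permissions. It assumes the manifest has already been decoded to text XML; the package names and both sample manifests are constructed, and a match is a reason to look closer, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
P = "android.permission."
SMS_PERMS = {P + "SEND_SMS", P + "READ_SMS", P + "RECEIVE_SMS"}
DATA_PERMS = {P + "READ_CONTACTS", P + "READ_CALL_LOG"}

def triage_manifest(manifest_xml):
    """Flag an app that pairs an accessibility service with SMS access (heuristic)."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Accessibility services are <service> elements guarded by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == A11Y_BIND]
    sms = sorted(requested & SMS_PERMS)
    return {
        "package": root.get("package"),
        "accessibility_services": services,
        "sms_permissions": sms,
        "data_permissions": sorted(requested & DATA_PERMS),
        "suspicious": bool(services) and bool(sms),
    }

# Constructed sample manifests (not taken from any real app).
FAKE_PLAYER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashplayer">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
SCREEN_READER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.screenreader">
  <application>
    <service android:name=".ReaderService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (FAKE_PLAYER, SCREEN_READER):
        print(triage_manifest(sample))
```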