In Russia detected a new virus, Trojan for Android-devices, which is trying to attack their hosts accounts in Russian banks. This is stated in the message of “Doctor Web».
As explained “Lente.ru” in the company, the attack on the accounts of users is performed based on the commands received by the Trojan from the management server. At the same virus analysts “Doctor Web” was recorded attempt to attack a certain number of Russian credit organizations, whose names were not disclosed.
At the same time, the Trojan functionality allows users of any attack on payment systems and banks where supported the transfer of funds via SMS-messages, so it is possible that over time the number of goals change or even expand depending on the plans of cybercriminals.
The main danger of this malicious application is that it is able to perform illegal operations with funds of owners of Android-devices. Thus, the Trojan attempts to obtain information about the current balance of the bank account, or the list attached to the user’s mobile phone credit cards.
To do this, it sends an appropriate SMS-request to the mobile banking systems of several Russian banks, as well as one of the popular payment systems. If the Trojan will receive a reply, using specially created SMS-commands it will automatically attempt to withdraw cash on the account of the attacker. In this case the victim may long remain in the dark about the theft occurred, the virus is able to intercept and block SMS-notifications on completed transactions.
15:15 November 18, 2014
Also, a malicious program could help the cyber criminals to steal authentication credentials for the account online banking user by downloading the browser infected device simulates the appearance of the Internet portal bank fraudulent website where the victim will be asked to enter private information to login. As a result of this attack can be compromised all bank accounts of the owner of the infected Android-based device that can cause serious financial losses.
This Trojan spreads in the guise of various applications and can be installed on the smartphone or tablet just own it. In this case, the operating system settings must be enabled software from third-party sources.
When run, the malware tries to root the mobile device, which strongly demonstrates the appropriate system notice and actually prevents potential victim refuse to perform the requested action.
Next, the Trojan connects to a remote Internet node and the number of loads on him information about the infected mobile device. In response, the server sends the bot list of commands that he has to fulfill.