An Android malware variant is targeting customers of EU banks as well as some popular Android apps, in hopes of accessing login credentials. The malware, dubbed SpyLocker, was previously identified as masquerading as a Flash Player app for Android and targeted banks in Australia, New Zealand and Turkey. However, security researchers have now noticed that the new variant of the malware has focused on targeting customers of European banks.
Intel Security, which first identified SpyLocker, has reported a new wave of attacks that use phishing tactics to infect users' systems. The attacks employ either the same fake Flash Player for Android app or a fake Android system update app, using compromised WordPress and Joomla sites to distribute malware impersonating a "porn player".
Intel Security malware researcher Carlos Castillo said: "In addition to the hacked websites distribution method, SpyLocker uses adult sites to lure users and trigger the automatic download of the malware. SpyLocker also monitors the execution of Google and popular apps such as Instagram and eBay to display the Google phishing overlay, which now attempts to get more than just the email and password of the Google account."
Castillo also noted that this variant of SpyLocker has a few similarities with another Android malware called Police Locker, which was active in 2014. SpyLocker is currently targeting customers of banks in the UK, France and Poland. Castillo explains that exploits necessary to target banks in Russia have also been discovered and plans to target banks in Italy were found, although definite exploits are yet to be implemented within the variant.
Intel Security noted that after gaining access to user data, the malware constantly sends encrypted data to a remote server, along with details about the hacked device. The malware is also capable of obtaining administrative controls over the device, which it tricks users into giving up after it has been downloaded.
How to protect yourself from Android malware
"Android banking Trojans such as SpyLocker are constantly evolving, adding new targets and distribution methods, and improving their phishing techniques to obtain even more data that will allow cybercriminals to perform fraudulent electronic transactions. To protect yourself from this threat, employ security software on your mobile, and remember that Android updates are not delivered via APK files automatically downloaded when you visit a website. Further, users should not trust applications downloaded from unknown sources," advises Castillo.