A new, sophisticated piece of Android malware designed specifically to steal banking credentials is doing the rounds, according to Kaspersky Lab, whose products detected the Trojan. Like banking Trojans spotted earlier, it uses phishing schemes to trick users into entering their banking user ID and password.
"This morning, we encountered a gratuitous act of violence against Android users," said Kaspersky in a blog post. "By simply viewing their favourite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q."
According to Kaspersky, the Svpeng Trojan is dangerous not just because it can access banking credentials but also because it can intercept and delete text messages sent from banking institutions, as well as send texts as if from the bank. Banks normally send users an alert or notification when suspicious banking activity is detected, but this malware has the capacity to delete such messages.
In addition, most banks have security protocols for internet banking that require users to authenticate transactions with codes sent by SMS. The malware can intercept these messages from the bank, giving potential hackers all the information they need to carry out fraudulent transactions.
The program is downloaded via the Google AdSense advertising network, which is used by a host of sites, most popularly news sites, to display targeted advertising to users. The Trojan is downloaded as soon as a user visits a page where the advert is displayed. What's more, after installation and launch, it disappears from the list of installed apps on the user's device and requests the device's admin rights, making it harder for any antivirus software to detect it.
Kaspersky says that, for now, the malware seems to be targeting only users in Russia, but it may spread fast.