You will also be interested
[EN VIDÉO] What is a cyberattack? With the development of the Internet and the cloud, cyberattacks are becoming more frequent and sophisticated. Who is behind these attacks and for what purpose? What are the methods of hackers and what are the most massive cyberattacks?
A little hungry… and an empty bank account… It is, among other things, through the Polish version of a fake site of a meal delivery application that a Trojan horse comes to seize the bank details of his victims. The malware detected by the cybersecurity company Eset, is no stranger. This is Ermac in a revisited version. This virus was one of those that plagued the Play Store android at the end of last year.
This new version is introduced on mobile from the moment you click on a malicious link. As in our example, it could be the imitation of the Polish version of Bolt Foot, a fast food chain, for example. But, in all cases, the vector that allows the victim to click on the link is an email from phishingmalicious publications on social networksor spoofed advertising.
The objective is to have the application downloaded directly to the mobile so that it can escape Play’s security systems. store. When the app is downloaded, it will ask for permissions allowing it to access full control of the smart phone. Then the application will look for the apps with which users are accustomed to making payments directly.
Android 11 and 12 strengthen protection
It even attacks many banking applications from around the world. It keeps 467 of them in memory, of which it knows how to clone the interface, that’s almost a hundred more applications than at the beginning of the year. Then, to loot the bank account, the victim just needs to use one of these applications. Instead of entering identifiers on the application, it is on a wrong page cloned that we are going to enter his sesames and his bank details.
In addition to many popular applications, the Trojan is also capable of stealing cryptocurrency wallets. Ermac is on the darknet and acquiring it now costs $5,000 for a hacker. It’s $2,000 more than its first version, which means it’s worth the investment for hackers. But there is still a catch in this well-oiled mechanism, because with versions 11 and 12 of Android, the security integrated comes to prevent an accessibility setting essential for the deception to work.
Android: watch out for these apps that steal your bank details
For four months, twelve Android applications had thwarted the protections of the Play Store. They made it possible to collect personal data including banking information. They were very difficult to detect. Google removed them.
Article by Sylvain Biget, published on 01/12/2021; mamended on 01/25/2022
They are twelve in number and took time to be discovered by cybersecurity researchers from ThreatFabric. This is a bundle of apps from the Play store for Android spoofed. They passed through the security systems. Downloaded more than 300,000 times for four months, they contained banking Trojan horses that came to siphon Passwords users and the codes oftwo-factor authentication.
The strikes at keyboard were also noted and the malware also took advantage of this to take screenshot. Apps that seem virtuous, like a scanner QR codesor for create PDFsor management of cryptocurrencycontained up to four families of malware. The researchers had a hard time detecting the harmful load of these applications and it is precisely thanks to this weak signature that they passed under the radars of Google’s automatic detection systems. It should be noted that it was after the installation of the application that the payloads were repatriated in the form of updates from sources other than the Play Store.
Updates to install malware
The creators of this malware are clever since, in order not to attract attention, the installation of the malicious code was not systematic and they only targeted certain geographical areas. Likewise, the applications had all theair to be legitimate and had positive opinions. They functioned normally and normally performed the task for which they had been designed. the Trojan horse bank with the most operations gate Anatsa’s name. The other three are called Alien, Hydra and Ermac. All were inoculated via a module called Gymdrop. By not systematically looking for the payload, it was he who made it possible not to attract the attention of the security systems.
While last week, nine million smartphones have been contaminated by an application present on the AppGallery of Huaweimalware detection is still one of the main concerns in application stores especially at Google. Over the past ten years, many infected applications have found their way into the Play Store. They are removed immediately upon being detected; but, as this example shows, despite advanced protection systems, hackers are always one step ahead to fool them.
Do you want to access Futura without being interrupted by advertising?
Discover our online subscriptions and browse without ads! At this moment, the Mag Futura is offered for a 3-month subscription to the subscription “I participate in the life of Futura”!
What is Mag Futura?
- Our first paper journal of more than 200 pages to make science accessible to as many people as possible
- A dive into the heart of 4 scientific themes that will mark 2022, from the Earth to the Moon
*Mag Futura is sent after the third month of registration.
Interested in what you just read?