The Chinese are spreading an Android Trojan with the help of base stations
Researchers from Check Point have reported ongoing malicious campaigns using the Swearing banking Trojan for Android devices. The Trojan's main distinguishing feature is how it is distributed: it reaches victims' devices via text messages containing a link to the Trojan, sent from fake base stations.
Experts at Avast predicted the use of base stations to spread malware in 2014, but the method has only now been applied in practice. Currently, only Swearing uses fake base stations, and only in China.
The Trojan was first discovered by specialists at Tencent. The discovery was followed by a police raid, and the authors of Swearing were arrested. However, according to Check Point, as of March 2017 the malicious campaign using the malware continues.
Like other banking Trojans, Swearing can steal payment card data and other sensitive information. In addition, the Trojan can bypass two-factor authentication. As a rule, mobile banking applications send users an SMS message with a one-time code that must be entered along with a password to log in to the application. Swearing replaces the legitimate messaging application and intercepts SMS messages, making two-factor authentication useless.
In addition to fake base stations, the Trojan is also distributed by downloaders embedded in malicious applications. Notably, Swearing does not connect to a C&C server; instead, it sends data to the criminals via SMS or email.
© 2017, paradox. All rights reserved.