Security News > 2020 > April > Banking.BR Android Trojan Emerges in Credential-Stealing Attacks

"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware."
"Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.
Once the victim goes to a banking domain, the malware then deploys an overlay screen, which typically features the bank's logo and asks for the user's sign-in credentials.
Banker.BR is only the most recent overlay malware to be discovered targeting Portuguese- and Spanish-speaking countries.
Earlier in April, researchers warned of a remote overlay malware attack that leveraged a fake Chrome browser plugin to target the accounts of banking customers in Spain.
News URL
https://threatpost.com/android-banking-br-trojan-credential-stealing/154990/