Banking.BR Android Trojan Emerges in Credential-Stealing Attacks
"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware."
"Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.
Once the victim goes to a banking domain, the malware then deploys an overlay screen, which typically features the bank's logo and asks for the user's sign-in credentials.
Banker.BR is only the most recent overlay malware to be discovered targeting Portuguese- and Spanish-speaking countries.
Earlier in April, researchers warned of a remote overlay malware attack that leveraged a fake Chrome browser plugin to target the accounts of banking customers in Spain.
News URL
https://threatpost.com/android-banking-br-trojan-credential-stealing/154990/
Related news
- Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users (source)
- TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud (source)
- New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities (source)
- Czech Mobile Users Targeted in New Banking Credential Theft Scheme (source)
- Hackers steal banking creds from iOS, Android users via PWA apps (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)