Security News > 2020 > April > Banking.BR Android Trojan Emerges in Credential-Stealing Attacks
"While our team has seen earlier versions of this trojan, which only featured a basic SMS stealer, new, and more elaborate, feature of the overlay malware capability - a tactic common to most Android banking malware."
"Abusing the Accessibility service on the device, a relatively common way for Android malware apps to keep tabs on which app is running in the foreground, [Banker.BR] waits for a match with the goal of launching overlay screens at the right time and context to fool the user into tapping their credentials into the overlay," said researchers.
Once the victim goes to a banking domain, the malware then deploys an overlay screen, which typically features the bank's logo and asks for the user's sign-in credentials.
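The behaviour described above (SMS theft plus an Accessibility service used to time overlay screens) leaves traces in an app's declared capabilities. The following triage script is an added example, not code from the article or the researchers. It assumes the manifest has already been decoded to text XML, and the sample manifest, the package name and the "accessibility plus one other capability" review rule are constructed for illustration, not taken from Banker.BR.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"

# Constructed sample: decoded manifest of a made-up package, not from Banker.BR.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Watcher"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return the package name and the sensitive capabilities its manifest declares."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    a11y_services = []
    for svc in root.iter("service"):
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        # A real accessibility service is guarded by the bind permission
        # and advertises the AccessibilityService intent action.
        if svc.get(ANDROID + "permission") == A11Y_PERMISSION and A11Y_ACTION in actions:
            a11y_services.append(svc.get(ANDROID + "name"))
    findings = []
    if a11y_services:
        findings.append("accessibility_service")
    if requested & SMS_PERMISSIONS:
        findings.append("sms_access")
    if OVERLAY_PERMISSION in requested:
        findings.append("overlay_permission")
    # Assumed review rule: accessibility combined with SMS or overlay capability.
    review = "accessibility_service" in findings and len(findings) >= 2
    return {"package": root.get("package"), "services": a11y_services,
            "findings": findings, "review": review}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A flagged manifest is a prompt for manual review, not a verdict: legitimate assistive apps declare accessibility services too.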
Banker.BR is only the most recent overlay malware to be discovered targeting Portuguese- and Spanish-speaking countries.
Earlier in April, researchers warned of a remote overlay malware attack that leveraged a fake Chrome browser plugin to target the accounts of banking customers in Spain.
News URL
https://threatpost.com/android-banking-br-trojan-credential-stealing/154990/