
Android malware ‘Revive’ impersonates BBVA bank’s 2FA app
2022-06-27 18:30

A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain.

The new banking trojan takes a more focused approach, targeting BBVA instead of attempting to compromise customers of multiple financial institutions.

Researchers at Cleafy discovered Revive and named it after a function of the same name used by the malware to restart itself if terminated.

According to Cleafy's analysts, the new malware targets prospective victims via phishing attacks, convincing them to download an application that is supposedly a 2FA tool required for upgraded bank account safety.

The phishing attack claims that the 2FA functionality embedded in the actual bank app no longer meets the security level requirements, so users need to install this additional tool to upgrade their banking security.

Revive continues running in the background as a simple keylogger, recording everything the user types on the device and sending it periodically to the command-and-control (C2) server. The captured credentials are sent to the threat actors' C2, and then a generic homepage with links to the real website of the targeted bank is loaded.


News URL

https://www.bleepingcomputer.com/news/security/android-malware-revive-impersonates-bbva-bank-s-2fa-app/