Android malware ‘Revive’ impersonates BBVA bank’s 2FA app

A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain.
The new banking trojan takes a more focused approach, targeting BBVA bank alone instead of attempting to compromise customers of multiple financial institutions.
Researchers at Cleafy discovered Revive and named it after a function of the same name used by the malware to restart itself if terminated.
According to Cleafy's analysts, the new malware targets prospective victims via phishing attacks, convincing them to download an application that is supposedly a 2FA tool required for upgraded bank account safety.
This phishing attack claims the 2FA functionality embedded into the actual bank app no longer meets the security level requirements, so users need to install this additional tool to upgrade their banking security.
Revive continues running in the background as a simple keylogger, recording everything the user types on the device and sending it periodically to the C2. Doing so will send the credentials to the threat actors' C2, and then a generic homepage with links to the real website of the targeted bank is loaded.