Security News > 2022 > June > New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services
A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware - dubbed Revive by Italian cybersecurity firm Cleafy - was first observed on June 15, 2022 and distributed by means of phishing campaigns.
"The name Revive has been chosen since one of the functionality of the malware is restarting in case the malware stops working, Cleafy researchers Federico Valentini and Francesco Iubatti said in a Monday write-up."
Available for download from rogue phishing pages as a lure to trick users into downloading the app, the malware impersonates the bank's two-factor authentication app and is said to be inspired from open-source spyware called Teardroid, with the authors tweaking the original source code to incorporate new features.
Unlike other banking malware that are known to target a wide range of financial apps, Revive is tailored for a specific target, in this case, the BBVA bank.
Revive is mainly engineered to harvest the bank's login credentials through the use of lookalike pages and facilitate account takeover attacks.
The abuse of sideloading has not gone unnoticed by Google, which has implemented a new feature in Android 13 that blocks such apps from using accessibility APIs.
News URL
https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html