Cyber security firm Kaspersky Lab has warned Android users of a new malware, which is a variation of the Sypeng Trojan said to be targeting debit and credit cards as well as online banking credentials.
According to Kaspersky’s senior malware analyst Roman Unuchek, the Trojan phishes for credit card and online banking credentials continuing the “well established track record of monetary theft” from unsuspecting victims on the platform.
On its blog, the antivirus specialists said the malware was currently configured to mimic Russian banks as a mobile banking app and replaces the open window with its own to discover the password and has already spread to a number of countries including the United States, Germany, Belarus and Ukraine.
The app is said to target Google Play users with the Trojan overlapping Google’s windows with its own and asking users to add a credit card to the account when the Android online market is launched.
Kaspersky lists the software as of high commercial value to the criminals with more than 50 modifications of the software having been discovered.
“No doubt, we will see new versions of the Trojan that will able to steal from clients of various banks in multiple countries very soon,” said Unuchek. “The current version spread itself using SMS spam, but other variations might utilize another infection tactic.”
To avoid infection, Unuchek proposes users switch off “allow installation from unknown sources” in security settings, use Google Play, do not use untrusted third-party app stores, check every permission requested by a new app and consider if those permissions are reasonable for that type of app.
Users should also check app ratings, download counts and avoid applications with low ratings and a small number of downloads.
Image courtesy of Shutterstock