Scammers spread banking Trojans under the disguise of Kaspersky Anti-Virus for Android
Specialists of the information security company Bitdefender warned that cybercriminals are distributing malware under the guise of popular Android applications from well-known companies.
The fake VLC player, Kaspersky Anti-Virus, and fake FedEx and DHL applications install the Teabot or Flubot banking Trojans on victims’ devices, which were first discovered earlier this year.
Teabot is capable of intercepting verification codes for logging into Google accounts, recording keystrokes on keyboards, displaying fake screens over real ones and, in some cases, taking full control of the device. The Flubot Trojan is somewhat simpler, but its functionality is sufficient to steal victims’ bank data, text messages, and other personal data. The malware also has the properties of a worm – it can spread automatically via SMS.
The fake apps discovered by the researchers are not listed on the Google Play Store and are only distributed through third-party stores.
“Distributing malware for Android devices is not easy, as the official store usually prevents such applications from reaching users’ devices. However, one of the biggest advantages of Android, the ability to download applications from unofficial sources, is also a disadvantage. Using various tricks, criminals can force users to install applications from an unofficial store, ”the researchers explained.
As of this writing, this malicious campaign is still ongoing.
Catch up on more articles here
Follow us on Twitter here