Posted on August 3, 2017 at 12:57 PM
Android users, beware once again – a new type of malware is attacking your smartphones of choice. This latest malware is presenting itself as a Flash player update and goes after your banking information and credit card details.
SophosLabs’ security researchers were the ones that discovered this latest attack and identified it as Andr/Banker-GUA or Invisible Man, which is a variation of a notorious banking malware dubbed Svpeng that attacked Android devices.
The original malware was developed by Russian hackers, and this new version has an extra threat which lacked in the original – a keylogger that keeps track of everything a victim types on their infected devices. This can include everything from personally identifiable information, passwords and even banking credentials.
Pretending to be a Flash update, the malware sneakily gets into the victim’s device. It appears on the screen offering a new version of the software that already has a bad reputation for attracting malicious attacks.
Once the user accepts the “update” being installed, the malware checks the language set on the phone. In case the language is set to Russian, the malware doesn’t do anything, but any other language then triggers the malware to ask for permission to use accessibility services. If your Flash update asks you to grant it access to this, please note that this is not an actual Flash update and do not allow it.
Because if you do, Invisible Man will start attacking, and the steps of the attack include creating an invisible overlay atop a user’s keyboard that allows the malicious software to record keystrokes entered by the user.
It will also install an SMS app that will replace your default SMS app, giving access to victim’s conversation as they type messages to their friends. But this is nothing compared to the risk that comes with the malware stealing your login credentials and personal information.
The tricky malware has its way to make the victims give away their credit card information directly to the attacker by creating overlay when a user tries to open Google Play Store app. It will ask for credit card number of the card associated with a user’s account. While the menu looks genuine, it will provide the information to the attacker.
Android users, as well as those of other operating systems, are highly advised to stay away from Flash player in general. if the software is truly needed, users can download it directly from Adobe to make sure they’re not being tricked.
Antiviruses are often able to notice these attacks before any important information gets stolen. Another thing users should be careful about is the access they grant to various apps. Like we said, ask for access to accessibility services is a giveaway that the Adobe update is potentially malicious.
But the most important part is for users to deny unknown sources to install software. Although malware is present in the Google Play Store, Google captures a considerable amount more of malicious actors than malware are being caught in the open web.
To prevent installations from unknown sources, open the Settings app and navigate to Security. Find the option for Unknown Sources and make sure the box next to it not checked. This will ensure only apps downloaded from the Google Play Store can be installed on the device.