Trojan looks to “Wrob” Android users


Android bank Trojans having been making their way around file sharing sites and alternative markets in the last few months.

Targeting Korean users, these Trojans look to replace legitimate banking apps and capture user data.

This particular one disguises itself as the Google Play Store app and will run as a service in the background to monitor events. This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server.

Strings to build URL's/Identify Apps

Strings to build URL’s/Identify Apps

The Trojan does a look up of installed apps against a list of targeted apps (BK_ARRAY_LIST in screenshots), if found it will remove and download a malicious version to replace.

The malicious version will contain the exact Package Name and look very similar to the legitimate app, but contains malicious code with no banking functionality.

This second Trojan will also capture the infected users banking information and other useful data that will generate revenue for them.

Build Download URL

Build Download URL

We’ve seen various Android banking Trojans targeting European and Brazilian banks, but this year, we’re seeing malware authors expand into other markets, not a surprise since Android is very popular worldwide.

As always, stick to reputable markets for your apps and be wary of downloading apps from file shares, especially if one is available in the Play Store.

Also, an added layer of protection like Malwarebytes Anti-Malware Mobile for Android will help keep you secure. Malwarebytes Anti-Malware Mobile does detects these Trojans as Android/Trojan.Bank.Wroba.

One thought on “Trojan looks to “Wrob” Android users

  1. jholland says on November 17, 2013 at 7:02 pm :

    Another example of how hackers can exploit the vulnerability of the Android OS to steal private financial data from users. Even worse is that most Android users have no idea that these sorts of attacks are possible. And this not an isolated case. Malware that logs keystrokes, sends premium texts, makes phone calls, records from the microphone… it’s all happened and much more.

    You have to get serious about security on your Android device by using an anti-virus app to shield your phone from threats. Check out Secure Anti-Virus for Android!. It’s from a small developer but has a good track record. More info here:

Leave a Reply

Subscribe to our YouTube Channel