The Android Trojan Svpeng, first reported by Kaspersky, has some new functionality and is now capable of phishing and stealing banking information.
The phishing capability is interesting. It waits for a targeted banking app or the Play Store app to launch, then opens a phishing window that requests credit card information. The information is then sent to a remote server.
The Trojans themselves are disguised as Adobe Flash Player apps for Android. This is clever since Adobe stopped distributing Flash in the Play Store last year in an effort to move to HTML5.
Copies of Flash Player are still being distributed on file sharing sites and third-party markets — a super easy way to disguise malware is as a legitimate app.
Svpeng has been found to target Russian banks so far, but could easily spread to others if the malware is a success.
So far, 2013 has really seen a progression in banking Trojans targeting Android — the number has grown and so have the tactics they’re using.
These Trojans are likely found where you don’t roam, but just to be safe, stick to trusted markets and review apps before installing.
Malwarebytes Anti-Malware Mobile detects this trojan as Android/Trojan.SMS.Svpeng
You can find the legitimate versions of Adobe Flash Player for Android here.
Kaspersky’s story on Svpeng can be found here.
Android bank Trojans have been making their way around file sharing sites and alternative markets in the last few months.
Targeting Korean users, these Trojans look to replace legitimate banking apps and capture user data.
Smartphones no doubt make our lives easier and it’s great having so many resources available at our fingertips.
Mobile banking is one of those resources, with banks having made very feature-rich apps that allow us to access our accounts, deposit checks, and transfer money.
Malware writers know this and have been trying to make an impact on Android’s banking apps for some time now. There have been several families, with some of the same gangs that target PCs, such as Zeus and SpyEye, also targeting mobile.
Malware authors creating fake Android markets where they provide a familiar look and feel of the real Google Play to exploit users is not a new concept, and we’ve talked about it in previous blogs.
Recently, we’ve found fake markets that are created with such detail that it’s hard to tell the difference between which is the real Google Play and which is a scam.
A Trojan (horse), in computer terms, is a type of malware that does not replicate itself.
The name is based on the mythological tale of Greek warriors who hid inside a giant wooden horse that was supposed to be a “present” to the city of Troy. After dark, the Greek warriors opened the previously impenetrable gates of Troy to let in the rest of their army and sacked the city.
So, the name is very fitting, because computer Trojans often disguise themselves as something useful or at least innocent. Once they are inside, however, they often download or install other malware on the user’s computer.