
Researchers from Kaspersky Lab have discovered an updated version of Svpeng, one of the most powerful and rapidly proliferating Android banking trojans.

In capsule:

  • Svpeng, one of the most dangerous Android banking trojans, has been modified with additional keylogger features.
  • Roman Unuchek, a senior malware analyst at Kaspersky Lab, found this malware, which exploits the Android accessibility services to add the keylogger.
  • The malware steals all the text entered in all apps and logs all keystrokes.
  • It gives itself all the administrator rights and makes it difficult to uninstall the app.
  • The malware has not yet been deployed widely, although users from 23 countries have already been affected.
  • Apps like eBay, PayPal and banking apps from the UK, France, Turkey, Singapore, Poland and Australia were also affected.

Security researchers from Kaspersky Lab have discovered an updated version of Svpeng, one of the most powerful and rapidly proliferating Android banking trojans. The people behind this trojan have added a keylogger feature, which gives hackers better access to the victim's device and lets them steal sensitive data. Roman Unuchek, a senior malware analyst at Kaspersky Lab, said the updated version of the malware exploits the Android accessibility services to add the keylogger feature, which lets it steal the text entered in all apps and log all keystrokes.

The new version of Svpeng has become more powerful and dangerous because it grants itself all the device administrator rights, makes itself the default messaging app, and gives itself permissions such as the ability to send and receive messages, make calls and read contacts. In addition, the malware can block any attempt to change its administrator rights. It also makes it impossible to uninstall the app from the device. These features make it one of the most dangerous trojans.

Researchers from Kaspersky Lab first discovered the malware in 2013. The new version has not yet been deployed widely, although users from 23 countries, including Russia, Poland, Germany, Turkey and France, have already been affected. Even though most of the infected users are from Russia (29%), the trojan will not perform any further malicious activity on devices that have Russian set as the language. This may be because the person behind the attack is Russian and wants to avoid violating Russian laws and so escape arrest.

Roman Unuchek said that the updated version of the Svpeng Android banking trojan spread through malicious websites disguised as a fake Flash player. The malware uses the accessibility services to gain access to the inner workings of other apps on the device. It also supports third-party keyboards, which allows the hacker to steal text entered in other apps and take a screenshot whenever the user presses a button.

“Some Apps, mainly banking Apps, do not allow screenshots to be taken when they are on top. In such cases, the Trojan has another option to steal data – it draws its phishing window over the attacked app,” said Roman Unuchek. The malware uses accessibility services to find out which app is on top, and all the stolen data is uploaded to the attacker's C&C server.

Roman Unuchek also said that he managed to decrypt a configuration file from the malware's C&C server, which helped him identify some of the malware's targets. He also found phishing pages for both the eBay and PayPal mobile apps, and mentioned that the apps and websites affected by the malware include banking apps from the UK, France, Turkey, Singapore, Poland and Australia.

To protect your smartphone from infection by the Svpeng Android banking trojan, follow the instructions below:

  1. Always switch off “Allow installation from unknown sources” in the security settings, which restricts app downloads from third-party and anonymous sources.
  2. Use Google Play or the App Store to install apps; don't use any third-party app stores.
  3. Download apps from verified developers, and check their app rating and download counts before installing an app.
  4. Verify app permissions before installing an app.
  5. Install a good, up-to-date antivirus that can detect and block this type of malware.
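
The article describes Svpeng holding three privileges at once: an accessibility service, device administrator rights and the default messaging app role. The following audit is an added example, not code from Kaspersky Lab or from the original article; it flags any package that holds two or more of them. The adb commands named in the comments, the output layouts and the package names in the sample data are assumptions, and the samples are constructed.

```python
import re

# Constructed sample outputs, not captured from a real device. Assumed sources:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure sms_default_application
#   adb shell dumpsys device_policy
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.flashplayer/com.example.flashplayer.AccService"
)
SAMPLE_DEFAULT_SMS = "com.example.flashplayer\n"
SAMPLE_DEVICE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.flashplayer/.AdminReceiver:
    uid=10123
  com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
    uid=10012
"""

# Matches "package/class" component names and captures the package part.
COMPONENT = re.compile(r"([A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)+)/[\w.$]+")

def packages_in(text):
    """Return the package of every package/class component name in text."""
    return set(COMPONENT.findall(text))

def audit(accessibility, default_sms, device_policy):
    """Return (package, privileges) for packages holding two or more of the
    privileges the article lists: accessibility, device admin, default SMS."""
    a11y = packages_in(accessibility)
    # Assumption: every component named in the dump is a device admin.
    admins = packages_in(device_policy)
    sms = default_sms.strip()
    sms_pkgs = {sms} if sms and sms != "null" else set()
    findings = []
    for pkg in sorted(a11y | admins | sms_pkgs):
        held = [name for name, present in (
            ("accessibility_service", pkg in a11y),
            ("device_admin", pkg in admins),
            ("default_sms_app", pkg in sms_pkgs),
        ) if present]
        if len(held) >= 2:
            findings.append((pkg, held))
    return findings

if __name__ == "__main__":
    for pkg, held in audit(SAMPLE_ACCESSIBILITY, SAMPLE_DEFAULT_SMS, SAMPLE_DEVICE_POLICY):
        print(pkg, "holds", ", ".join(held))
```

A package that appears here and was not installed from an official store is a candidate for closer inspection; legitimate apps rarely need more than one of these roles.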