Nasty Android malware steals passwords from over 200 apps — what to do now

Close-up of a 'small gray' alien's face in an illustration.
(Image credit: adike/Shutterstock)

A new strain of Android malware steals passwords from Facebook, Google, WhatsApp and more than 200 other apps, swipes Google Authenticator two-factor-authentication codes, steals contact lists, logs keystrokes and installs apps. It could even give hackers near-total control of your phone.

The ultimate aim is to take over your online accounts, especially bank accounts, and steal your money.

Dubbed "Alien" by its creators, the malware is a new variant on the Cerberus banking Trojan, which went open-source in August after Android's built-in Play Protect threat detector learned how to spot it. This new bug doesn't have that problem, say researchers at Amsterdam-based information-security firm ThreatFabric.

The Alien malware embeds itself in fake fitness apps, fake Flash Player apps, fake coronavirus-related apps and even fake versions of Google Update. ThreatFabric thinks the apps are mainly distributed via malicious websites and SMS text messages.

"A lot of it seems distributed via phishing sites, for example [a] malicious page tricking the victims into downloading fake software updates or fake Corona apps," ThreatFabric malware analyst Gaetan van Diemen told ZDNet's Catalin Cimpanu.

"Another method observed to be used is the SMS — once they infect a device they collect the contact list which they then reuse for further spreading of their malware campaign."

One more thing: Upon installation, Alien-infected apps will ask for permission to get administrative privileges on your phone, which will give them powers over other apps and system settings. Generally, only antivirus apps and find-my-device features should have such privileges.

How to protect yourself from Alien malware

To protect yourself from Alien and other data-stealing mobile malware, never download an Android app from outside the Google Play Store — especially when that app comes to you through a random website or message. But even Google Play has malware sometimes, so you'll need to install and use one of the best Android antivirus apps.

And definitely do not grant administrative privileges to random apps, or to any apps at all unless there's a very specific reason for the app to have them.

More than 200 apps targeted by Alien malware

The Alien malware has already been modified to target users in more than a dozen different countries, led by Spain, Turkey, Germany and the United States.

It captures user passwords by generating fake screens that mimic the login pages of at least 226 different Android apps, most of them banks in the targeted countries. Some cryptocurrency apps are also targeted.

Among leading banks in the U.S., Canada and the United Kingdom, the targeted institutions include Bank of America, Capital One, Citibank, Chase, Fifth Third, SunTrust, TD Bank, US Bank, Wells Fargo, BMO, CIBC, National Bank of Canada, RBC, TD Canada, Barclays, HSBC, Lloyds Bank, NatWest, Royal Bank of Scotland and TSB.

Alien doesn't limit itself to banking apps. Some cryptocurrency apps are also targeted, naturally, but so are apps for many of the most widely used online services, including Amazon, AT&T, eBay, Facebook, Gmail, Google Play, Google Play Games, Instagram, Netflix, Outlook, PayPal, Skype, Snapchat, Telegram, Twitter, USAA, Viber, WhatsApp and Yahoo Mail.

Seizing control over any of those accounts would give the attackers a pretty deep insight into a person's life. For example, email accounts could be leveraged to seize other accounts that send lost-password reset codes to users' email addresses.

The fact that Alien can also read SMS messages and one-time codes generated by Google Authenticator means that many forms of two-factor authentication aren't safe.

What Alien can do on your phone

The full list of Alien's abilities is pretty impressive. ThreatFabric lists them as:

  • Keylogging
  • Remote access
  • SMS harvesting: SMS listing
  • SMS harvesting: SMS forwarding
  • Device info collection
  • Contact list collection
  • Application list
  • Location collection
  • Overlaying: Targets list update
  • SMS: Sending
  • Calls: USSD request making
  • Calls: Call forwarding
  • Remote actions: App installing
  • Remote actions: App starting
  • Remote actions: App removal
  • Remote actions: Showing arbitrary web pages
  • Remote actions: Screen-locking
  • Notifications: Push notifications
  • C2 Resilience: Auxiliary C2 list
  • Self-protection: Hiding the App icon
  • Self-protection: Preventing removal
  • Self-protection: Emulation-detection
  • Architecture: Modular

If none of the regular methods to grab user passwords work, Alien has an ace up its sleeve, one that its predecessor Cerberus never had.

Thanks to its ability to install apps on its own, Alien can install the TeamViewer remote-control and screen-sharing app to be used as a remote-access Trojan (RAT).

That will give the attackers near-total visibility into, and in most cases full control over, your phone. They'll be able to see everything you do on the phone and to often do things themselves.

The one saving grace is that once TeamViewer is installed by the crooks, it will show up in your app tray and you'll be able to see that it's there — and remove it. However, ThreatFabric says that may not be the case for much longer.

"It would be logical for them to improve the RAT, which is currently based on TeamViewer (and therefore visible when installed and executed on the device)," the ThreatFabric blog post said.

"What can be considered for granted is that the number of new banking Trojans will only continue growing, many embedding new and improved features to increase the success rate of fraud."
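
Two of the checks described above, spotting apps that came from outside Google Play and spotting a TeamViewer install you didn't make, can be run from a computer against the output of `adb shell pm list packages -i -3`. The script below is an added example, not from the article or from ThreatFabric; the sample listing and its `com.example.*` names are constructed, and the `com.teamviewer.` package prefix is an assumption.

```python
import re

PLAY_STORE = "com.android.vending"     # installer name of the Google Play Store
TEAMVIEWER_PREFIX = "com.teamviewer."  # assumption: prefix of TeamViewer's Android packages

# One line of `adb shell pm list packages -i -3` (third-party apps plus installer).
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

# Constructed sample output; the com.example.* package names are made up.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.flashupdate  installer=com.google.android.packageinstaller
package:com.example.coronainfo  installer=null
package:com.teamviewer.quicksupport.market  installer=com.google.android.packageinstaller
"""


def parse_packages(listing):
    """Return {package: installer or None} parsed from the pm listing text."""
    packages = {}
    for line in listing.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            pkg, installer = match.groups()
            packages[pkg] = None if installer == "null" else installer
    return packages


def audit(listing, trusted_installers=(PLAY_STORE,), expected_remote_tools=()):
    """Flag apps not installed by a trusted store and unexpected TeamViewer installs."""
    findings = []
    for pkg, installer in sorted(parse_packages(listing).items()):
        if installer not in trusted_installers:
            findings.append((pkg, "sideloaded", installer or "unknown"))
        if pkg.startswith(TEAMVIEWER_PREFIX) and pkg not in expected_remote_tools:
            findings.append((pkg, "unexpected-remote-access", installer or "unknown"))
    return findings


if __name__ == "__main__":
    # On a real device, feed audit() the text returned by:
    #   adb shell pm list packages -i -3
    for pkg, reason, installer in audit(SAMPLE):
        print(f"{reason:26} {pkg} (installer: {installer})")
```

If your phone ships with another legitimate app store, add its installer name to `trusted_installers`; anything still flagged is worth a closer look before you remove it.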

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/alien-android-malware

Posted by: austinweactiond.blogspot.com
