Crime Today News
Downloading apps from outside the Play Store without being 100% sure of their legitimacy or that they come from a reliable source isn’t the best idea. This is the starting point for many malware attacks. Bad actors take advantage of the ignorance or naivety of internet users. A new banking trojan targeting Android devices has emerged as a reminder.
Researchers discover TsarBot, an Android banking trojan that impersonates legitimate financial apps
The research team at Cyble, a cyber threat intelligence company, discovered the “TsarBot” banking trojan. According to the report, TsarBot disguises itself as a dropper in Google Play Services and spreads through phishing tactics. Attackers clone popular websites or platforms from which they try to trick potential victims into downloading and installing the malware on their phones.
The cybersecurity researchers claim that TsarBot has attempted to impersonate more than 750 popular apps around the world. The developers primarily target users of banking, fintech, e-commerce, and cryptocurrency apps. Basically, the main goal of malware is to steal your credentials and your funds before you realize it.
TsarBot uses overlay attacks, a technique where the malware places screens or windows that pretend to be from legitimate apps and request your credentials. It could mimic your banking app’s login screen or even your phone’s lock screen, for example. When you type and submit your credentials or PIN on that scammy screen, a third party will receive them on a remote server.
However, Cyble claims that the banking trojan also uses other methods to try to be more effective. The list includes screen recording and remote control, as well as device manipulation.
Cyble suspects that the new banking trojan targeting Android devices is of Russian origin. Researchers found strings or entries in Russian while exploring the infected app.
The malware cannot act if you do not grant the necessary permissions
It’s worth noting that for malware to execute all the actions described above, it requires some special permissions. An app can’t execute these types of commands if you don’t approve them first. That’s why it’s so important not to grant every permission an app requests. Such precaution is especially important with sensitive permissions and even more so for apps from dubious sources. Android tries to defend you against these attacks, but you should also use common sense. If you allow malware to do whatever it wants, the OS can’t stop it.
Furthermore, as always, it’s best to download your apps from the Play Store whenever possible. When downloading an app from an external website, please ensure the source is legitimate and trustworthy.
Crime Today News is proudly sponsored by DRYFRUIT.CO – A Brand by eFabby Global LLC
Design & Developed by Yes Mom Hosting
