Free Phone Consultation For New Clients | CONTACT NOW

Revive: From Spyware to Android Banking Trojan

A new Android banking trojan, dubbed Revive, has been discovered in the wild and it is able to steal login credentials from customers of a top-tier Spanish bank through phishing campaigns.

This trojan uses a different tactic than typical malware which is to download the official app used by the bank and then steal login credentials. This type of trojan is able to bypass Android's built-in malware protection, known as Verify Apps.

The Revive trojan also has an additional feature that distinguishes it from other banking trojans on Android - it can log into any Spanish bank account, even if customers haven't downloaded or logged in to the official app. The only thing required is for these customers to input their login credentials into a phishing page under the guise of an update or renewal request.

Furthermore, the trojan can also steal access credentials on Facebook and other social networking sites, including Yahoo Mail. Apparently, the trojan is able to circumvent the Android's built-in malware protection system by using a custom app that masquerades as an update to existing legitimate apps on a user's device.

The Revive trojan is using various social engineering techniques via phishing messages that pretend to come from banking apps such as Bankia (the bank at the center of this incident) to trick victims into downloading fake update or renewal requests.

After the user has downloaded the update and installed it, it will prompt them to upgrade or renew the app. The victim is then prompted to input their banking credentials to verify their identity. The trojan will then capture these credentials and send them back to a central server that the attackers control.

According to researchers, the reason this trojan was able to bypass Android's built-in malware protection is that it used a custom app package (APK) which used its own signature instead of that of an official app from the Spanish bank. This was an ingenious way around security controls in Android because Android will not install apps with invalid signatures regardless of whether they have been verified by an antivirus solution or not.

Source: Revive: from spyware to android banking trojan - AlienVault - Open Threat Exchange

Need secure managed IT services in the Greenville, SC, area?