A new version of the Banker Android spyware has been detected, stealing the victim's banking details and possibly even money in some cases.
According to Microsoft's cybersecurity analysts, an unknown threat actor has initiated a smishing (SMS phishing) campaign through which it attempts to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This malware is capable of extracting all kinds of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).
What makes this attack so depressing is the fact that the entire operation is executed in secret.
Granting major permissions
Once the user downloads the malware, they must grant certain permissions, such as MainActivity, AutoStartService, and RestartBroadCastReceiverAndroid.
It can avert calls, access call logs, messages, contacts, and even network information via SMS. Upon completion, the malware may even receive and read two-factor authentication codes, deleting them to make sure the victim does not suspect anything.
To make things worse, the app is granted a silent command, which means the 2FA codes coming in through SMS can be received, read, and deleted in total silence - no notification sounds, no screen light, no.
The motivations for the campaign are unknown, but Microsoft does know that the app, which was initially developed in 2021, could be easily accessible online.
The scope of the attack is also unknown, as it's difficult to determine how many people are affected. Last year, Banker was observed attacking Indian consumers only, and given that the phishing SMS carries the name of the Indian ICICI bank, it's safe to assume Indian users are also in the crosshairs this time around.
"Some of the malicious APKs also use the same Indian bank's logo as the fake app, which we investigated, which might indicate that the actors are constantly developing new versions to keep the campaign running," according to researchers.