Warning for Android users over Brazilian trojan sweeping the US and Spain: Downloading a dodgy app could leave you open to banking fraud

  • Cybersecurity company McAfee said it had discovered a spate of trojans  
  • These allowed their installers remote access to devices and to steal data 
  • Android has a 48% share of the UK smartphone market
  • Users told to be wary of downloading any apps even if they looked legitimateBritons with Android smartphones and tablets have been urged to watch out for fake software updates that could give away passwords, financial information and even let criminals take control of their devices.

    Computer security company McAfee warned it had noticed a spate of malware trojans originally from Brazil targeting the Google Play Store and trying to trick users into downloading them.

    In Britain, where phones with the Android operating system account for almost half of the market, people have also been told to be on the lookout.

    The cybersecurity company McAfee warned of sophisticated banking trojans attacking Android smartphone users

    The cybersecurity company McAfee warned of sophisticated banking trojans attacking Android smartphone users 

    So-called 'BRATAs', or Brazilian Remote Access Tool Android, originally appeared in the South American country in 2018, according to McAfee, and became widespread from January 2019.Now spreading elsewhere, these RATs pose as security apps which tell their users they need to update their software, whether that is a search engine like Google Chrome, a messaging app like WhatsApp or even a PDF viewer.

    However, rather than updating these apps, they install malicious software, malware, which allows criminals to take control of devices.According to McAfee, these trojans can display phishing websites which are used to harvest financial details which can be used to steal money or commit identity theft; and can directly capture lock screen details like a password or keystrokes through keylogging software. They can even introduce screen recording software.

    The company said it had found at least five malicious apps in the Google Play store, where Android users can download everything from Candy Crush to TikTok, which were capable of such actions.

    Most were downloaded between 1,000 and 5,000 times, but one had as many as 10,000 downloads.

    The trojans originally targeted Brazilians and other Portuguese speakers but have now been seen targeting Spanish and English speakers in the United States too

    The trojans originally targeted Brazilians and other Portuguese speakers but have now been seen targeting Spanish and English speakers in the United States too

    Of the ones McAfee said it had found, the first was discovered in May and the latest last October, all of which had been removed by Google from its store. 

    They all posed as security software, calling themselves names like 'PrivacyTitan' and 'SecureShield'.

    While they initially targeted Brazilians or other Portuguese speakers with Android phones, these malicious apps have become more widespread.

    'In June we noticed that threat actors behind BRATA started to add support to other languages like Spanish and English, McAfee said in a blog post published on Monday.

    McAfee found at least 5 of these apps in the Google Play store last year

    McAfee found at least 5 of these apps in the Google Play store last year

    'Depending on the language configured in the device, the malware suggested that one of the following three apps needed an urgent update: WhatsApp (Spanish), a non-existent PDF Reader (Portuguese) and Chrome (English).'

    Although McAfee had not suggested these apps had become widespread in the UK, Britons living through a fraud epidemic which has stolen hundreds of millions of pounds during the pandemic were urged to be on their guard.

    Impersonators throughout the coronavirus pandemic have posed as legitimate financial firms, parcel delivery companies, and even the NHS and the Government, using cheap number-spoofing software.

    These apps can allow criminals to take complete control of devices as well as steal financial information

    These apps can allow criminals to take complete control of devices as well as steal financial information

    As a result, this could simply be the latest step. Ray Walsh, from the company ProPrivacy, said news of the spread of the 'sophisticated' trojan meant it was 'vital' those in the UK were warned they could be infected.

    He said: 'By accepting and agreeing to accessibility services, the user installs a sophisticated banking trojan that gives the hacker full remote control over their device.

    'The exploit works by taking full control of the infected device, allowing the hackers to display phishing webpages that steal the victim's banking credentials, capture their screen lock passcode, and perform keylogging to steal other sensitive credentials and passwords.'

    scam

    Walsh added: 'It is vital that users are extremely wary of any apps they install, and that they do not accept updates for their apps outside of the official Play Store, which will automatically update and patch their apps when needed. 

    'Always be wary of any apps that prompt you to update existing apps for security purposes, and never accept accessibility services.

    'Always check an app's reputation before installing it and stick to well-recognized apps, even if you are sourcing them on Google Play.'

No comments:

Powered by Blogger.