Cybersecurity concerns are increasing day by day and the latest to add to this anxiety is an Android banking Trojan. As per a recent alert issued by Kaspersky the said malware named “Banker.GT” has the ability to block Mobile Antivirus apps from launching on the phone. Thus, it helps cyber criminals to steal login credentials from banking apps stored on smartphones.
As of now, this android banking Trojan is active in countries like Germany and Swiss and has succeeded in targeting mobile apps of 15 German Banks.
The highlight of this Trojan is the ability to detect the presence of mobile security software and block it from detecting the malicious activities. This malware is being sent to users through an email client and so many users are accidentally falling prey to it by giving more permissions than needed.
The Banker.GT trojan is having a generic name of “Email” and Icon and as soon as it obtains the admin permissions, it deletes itself from the menu and starts working in the background.
This is when the app gives remote access to its administrators who start misusing its presence on the mobile platform. They first track the IMEI of the device, its model, and its loaded Android version details. They then pass the info to an online server and register itself as an active infection. It is from here that the C&C server will send commands to the newly detected bots.
As this Trojan focuses on Mobile banking events taking place on a mobile device, its prime focus will be to keep logs of all money transactions taking place through that app and pass on the info to the remote hackers.
Hackers then pass on an update to the Trojan where it shows an overlay window on User’s normal screen, showing a fake login page. As soon as the login credentials are used, the malware sends it to its C&C servers for storing those details and will use those details to steal money.
Currently, this Android-based currency pirate is in the initial stage of distribution and may soon spread to other countries within no time.