Protect yourself with these five important tips.
There is a terrible new malware invading Android devices and using dirty tricks to steal users’ online banking info. Avast Threat Labs worked with SfyLabs to uncover and expose this malware, dubbed Catelites Bot. The malware is similar to a Russian outbreak earlier this year, where cybercriminals successfully stole over $900,000. (That malware was called “CronBot”—which shares similarities with the original Catelites Bot.)
Here’s what we know so far: you can unsuspectingly install this malware on your device in a number of ways, including through phony apps from third-party app stores (usually not official shops like Google Play), malicious adware (malvertisements), or phishing sites. Once downloaded onto your Android device, the malicious program looks like the icon seen in this screenshot below, titled “System Application.”
When you click that “System App” icon, it asks you for admin rights. If you grant those permissions, the malware begins its work. The “System Application” icon disappears and three familiar-looking, trusted app icons appear on your homescreen: Gmail, Google Play, and Chrome.
The 3 new icons appear on your home screen for Gmail, Google Play and Chrome.
Now the trap is set and it’s just waiting for its prey. If you try to open any of the three new icons, you will get a fake overlay asking you to enter sensitive information like your credit card. Cybercriminals are hoping you won’t think twice about falling into this trap, since you’re so used to providing these kinds of details to a trusted app like Google. Another technique they use here is keeping the overlay up on your screen so it seems you can’t get rid of it unless you enter your card details. Refuse to fall for it!
First you click “Google Play Store” notification; then it asks for your credit card number.
This tricky piece of malware also goes after your bank account login details, as it can pose as over 2,200 banks and financial institutions. Once you open your own banking app, the malware activates and places a fake overlay on your actual banking app’s screen, tricking you into entering your bank login details and credit card info. Once you provide this, the hackers have access to your account and credit card.
Watch above video to see it in action
Above shows examples of the fake overlay screens that
pull in the logos of actual banks.
If you have Avast Mobile Security for Android, then you’re already protected from this malware. But if you don’t, here are some tips to help you stay safe:
That .zip file looks legit, but it's actually a sneaky new way for cyber criminals to steal your info.
Information belonging to over 100 Italian banks breached by the Ursnif banking trojan was obtained by Avast Threat Labs, which then shared the data with as many of the victims as could be identified.