Mobile

Android Banking New Trojan

Recently, a trojan called Alien which is a new ‘fork’ of Cerberus Banking Trojan that normally targets victim’s credentials from more than 200 mobile applications includes Bank of America and Microsoft Outlook.

Alien Trojan has been detected active since early of the year and it was treated as Malware-as-a-Service(MaaS) on the darkweb.

Step of the trick for the Alien trojan would be something as below:

  1. Alien trojan only affected Android devices around the world so fat where it is using an advanced ability to bypass a Two-Factor Authentications security measures to steal the victim’s credentials.
  2. After the android device have been infected, the Alien trojan or also Remote Access Trojan (RAT) will take action within the victims by stealing a set of password from 226 mobile application that resides in the Android device such as follows:
    • Mobile Banking Application
    • Snapshot
    • Telegram
    • Microsoft Outlook

The trojan was been first adertised for rent on darkweb since January which it has been used by other people to actively target the institutions worldwide where it can be listed as below:

  • Australia
  • France
  • Germany
  • Italy
  • Poland
  • Spain
  • Turkey
  • U.K.
  • United States

Source: ThreatFabric (Countries that been affected by Alien Trojan)

Alien Trojan has taken advantages of Android service by abusing the service such as

android.permission.BIND_NOTIFICATION_LISTENER_SERVICE

Leave a Reply

Your email address will not be published. Required fields are marked *