Experts “Kaspersky Lab” revealed large-scale campaign aimed at infecting devices running Android banking Trojan Asacub. The day of the attack are subject to 40 thousand users, most trusting and curious of whom become victims of malware.
Method of distribution of the Trojan is as old as the world. It all starts with the fact that the potential victim receives an SMS message with a reference by name and one of the options that have probably seen almost every:
— [Your name], look the photo and the link: (link)
— [Your name], you got an MMS message from Vasya: (link)
— [Your name], interested in exchange on Craigslist? (link)
— [Your name], and you’re not ashamed?! (link)
Where Trojan knows your name
As a rule, the names of potential victims, the malware finds out from the address books of already infected devices. If the user has an active ad on “Craigslist” or, for example, admits that he can send a photo, there is a chance that he will click on the link and installs a Trojan itself.
Getting on the device of a new victim, Asacub appoints himself the application for processing the SMS by default, to give the opportunity to receive, read and send messages, and to make, accept and reject calls and control others. Such rights would enable him to transfer the money USSD-commands to block the opening of the banking apps that the user doesn’t suspect anything.
How to protect yourself
Fortunately, to protect yourself from a Trojan is not so difficult. Even if you moved the link from the SMS, you need to manually initiate the download of malicious component, and then to approve the requested resolution. And since at each stage (for example, when you change the application to handle SMS) Android will send a warning alert, it is very hard to give Asacub to take over your device.
To discuss this and other news Android in our Telegram chat.