“Kaspersky lab”: virus for Android is stealing card data using functions

MOSCOW, September 21. /TASS/. “Kaspersky lab” has detected a new modification of the malicious software for mobile devices on the Android operating system, which steals Bank card data through features for people with disabilities, says the antivirus company.

According to experts of “Kaspersky Lab”, a mobile banking Trojan Svpeng learned how to record keystrokes on the device (ie received the functionality of a so-called Keylogger).

The malware is spread as a fake Flash player and after the activation requests, the right of access features for people with disabilities. Along with this Trojan gets other additional benefits (in particular access to the interface of other applications and the ability to take screenshots of the screen every time the virtual keyboard typed character).

According to “Kaspersky Lab”, one of the most dangerous Svpeng privileges – the ability to block other applications ‘ Windows. Often the Bank messages are forbidden to take screenshots during your display on the screen. In this case Svpeng displays on top of an application phishing window, the user enters data there and they go to the cyber criminals. “The researchers found a list of phishing addresses by which the Trojan attacks the applications of several leading banks of Europe,” the report States.

Besides, the Trojan assigns itself the sms app by default, and gets the right to make calls, access contacts. In addition, it provides the possibility to block any attempt to disable it administrator privileges. In this regard, to remove a malicious program is difficult. The researchers “Kaspersky Lab” found that Svpeng is capable to steal data, even on fully updated the device with the latest version of the Android operating system.

The total number of attacks using this mobile Trojan is small, a large portion of Russia (29%), Germany (27%), Turkey (15%), Poland (6%) and France (3%). “In this case Svpeng has an interesting feature: it does not work on devices with the Russian language interface. This tactic is often used by Russian cybercriminals, who try to avoid trouble with the law after running the malware,” explains “Kaspersky Lab”.

“The use of functions for people with disabilities – a new stage of development of mobile banking malware, as it allows Trojans to circumvent many protective mechanisms that have appeared in recent versions of Android. Furthermore, the use of the accessibility features on the device allows hackers to steal much more data than before,” commented a senior anti-virus expert “Kaspersky Lab” Roman Unuchek, whose words are reported. He added that the experts of “Kaspersky Lab” monitor all changes in functionality Svpeng, which is known for its constant updates and is one of the most dangerous malware.