New bank-fraud malware called Vultur infects thousands of devices

by
Dan Goodin
from Ars Technica - All content on (#5MS4P)
smartphone-bot-800x534.jpeg

Enlarge (credit: Getty Images)

Recently detected Android malware, some spread through the Google Play Store, uses a novel way to supercharge the harvesting of login credentials from more than 100 banking and cryptocurrency applications.

The malware, which researchers from Amsterdam-based security firm ThreatFabric are calling Vultur, is among the first Android threats to record a device screen whenever one of the targeted apps is opened. Vultur uses a real implementation of the VNC screen-sharing application to mirror the screen of the infected device to an attacker-controlled server, researchers with ThreatFabric said.

vultur-640x360.jpeg

(credit: ThreatFabric)

vultur-banking-trojan-640x360.jpeg

(credit: ThreatFabric)

The next level

The typical modus operandi for Android-based bank-fraud malware is to superimpose a window on top of the login screen presented by a targeted app. The overlay," as such windows are usually called, appears identical to the user interface of the banking app, giving victims the impression they're entering their credentials into a trusted piece of software. Attackers then harvest the credentials, enter them into the app running on a different device, and withdraw money.

Read 12 remaining paragraphs | Comments

index?i=DOlDj1YBACg:DDAvRP87A2k:V_sGLiPB index?i=DOlDj1YBACg:DDAvRP87A2k:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments