The Evolution of Asacub Trojan – from Spyware to Banking

Malware evolves quickly, and so do the targets of cybercriminals. One of the most crucial tasks security experts have is therefore the close observation of malware pieces. Kaspersky Lab's research team has been closely studying a particular malware piece dubbed Asacub. Asacub started out as a simple spyware piece and currently appears to be a fully-equipped banking Trojan.

How Did Asacub Start Out?

As pointed out by Kaspersky’s Roman Unuchek, the first known version of the malware, Trojan-Banker.AndroidOS.Asacub, appeared in the beginning of June 2015. Back then, Asacub was more of a spyware Trojan than a banking one.

The early variant of Asacub stole incoming SMS messages from the victim’s phone and uploaded them to a malicious server. Furthermore, this early variant could also gather information (such as the user’s list of applications, browser history, contact list), send SMS messages, or turn off the user’s screen.

Then, in July 2015, researchers registered new versions of Asacub to which new commands were added, such as:

get_sms: upload all SMSs to a malicious server;
del_sms: delete a specified SMS;
set_time: set a new time interval for contacting the C&C;
get_time: upload the time interval for contacting the C&C to the C&C server;
mute_vol: mute the phone;
start_alarm: enable phone mode in which the device processor continues to run when the screen goes blank;
stop_alarm: disable phone mode in which the device processor continues to run when the screen goes blank;
block_phone: turn off the phone’s screen;
rev_shell: remote command line that allows a cybercriminal to execute commands in the device’s command line;
intercept_start: enable interception of all incoming SMSs;
intercept_stop: disable interception of all incoming SMSs.

Asacub’s Evolution to Banking Malware

The malware didn’t stop there – each following month new commands and capabilities were added to its code, with its most notable evolution being registered in September. This is when Asacub was updated to display phishing screens for a number of banking applications. These most recent versions of Asacub seem to be more focused on stealing banking information than its earlier versions. By comparison, earlier versions used a bank logo in an icon, while later versions use phishing screens with bank logos.

Later, Asacub was crafted to forward phone calls, make USSD requests, and download and activate various apps from the Web.

Now, let’s jump to December 28, 2015, when Asacub attacks became aggressive and widespread. During this peak of attacks, researchers noticed new features added to Asacub’s set of capabilities:

GPS_track_current – get the device’s coordinates and send them to the attacker;
camera_shot – take a snapshot with the device’s camera;
network_protocol – in those modifications we know of, receiving this command doesn’t produce any results, but there could be plans to use it in the future to change the protocol used by the malware to interact with the C&C server.
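
A triage sketch built on the command names listed above, added here as an example and not taken from the original article or from Kaspersky's analysis. It scans strings extracted from an APK for those names as whole identifiers and reports which wave of commands is present; the weights, the threshold, the set of "generic" names and both sample inputs are assumptions made for illustration.

```python
import re

# Command names as listed in the article, grouped by the wave that added them.
WAVES = {
    "2015-07": ["get_sms", "del_sms", "set_time", "get_time", "mute_vol",
                "start_alarm", "stop_alarm", "block_phone", "rev_shell",
                "intercept_start", "intercept_stop"],
    "2015-12": ["GPS_track_current", "camera_shot", "network_protocol"],
}
# Assumption: these names are generic enough to occur in benign apps,
# so they carry half the weight of the others.
GENERIC = {"get_time", "set_time", "start_alarm", "stop_alarm"}

# Split into whole identifiers so that "forget_sms" or "get_sms_count"
# is never counted as the command "get_sms".
_TOKEN = re.compile(r"[A-Za-z0-9_]+")


def triage(strings, threshold=4):
    """Score strings extracted from an APK (for example from classes.dex)."""
    tokens = {t for s in strings for t in _TOKEN.findall(s)}
    hits = {wave: sorted(c for c in cmds if c in tokens)
            for wave, cmds in WAVES.items()}
    found = [c for cmds in hits.values() for c in cmds]
    score = sum(1 if c in GENERIC else 2 for c in found)
    # Wave keys sort chronologically, so max() is the newest wave seen.
    latest = max((w for w, c in hits.items() if c), default=None)
    return {"hits": hits, "score": score,
            "suspicious": score >= threshold, "latest_wave": latest}


# Constructed sample inputs, not taken from a real sample.
SAMPLE_SUSPECT = ["cmd=get_sms", "intercept_start", "rev_shell;id",
                  "camera_shot", "GPS_track_current", "Lcom/example/a;"]
SAMPLE_BENIGN = ["get_time", "forget_sms", "get_sms_count", "start_alarm"]

if __name__ == "__main__":
    for name, sample in (("suspect", SAMPLE_SUSPECT),
                         ("benign", SAMPLE_BENIGN)):
        print(name, triage(sample))
```

A string match of this kind is only a first-pass filter: a positive result is a reason to analyze the app further, not a verdict.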

Users should know that Asacub’s communication with its command and control server revealed that it regularly receives commands to work with the mobile banking service of a major Russian bank. At the moment, US banks don’t appear to be targeted by the malware, but this could change quickly, as the agenda of the malware operators may take another direction.


Asacub is an all-in-one hacker asset. It could be used for phishing, malware distribution or even blackmailing. As it looks now, the adversaries are just testing out the available toolset, and there are reasons we should anticipate massive campaigns.

Reference: https://securelist.com/

Milena Dimitrova
