A newly discovered Android malware is targeting banking apps to gain access to users’ bank accounts.
Background Information of Banker.AndroidOS.Svpeng.ae a.k.a. Invisible Man
Adobe Flash, the harbinger of video on the internet, has been immensely instrumental in its role of bringing satisfaction to millions of internet users by allowing them to experience and immerse themselves in internet media. Unfortunately, the once-beloved media-player software is entering a bygone era, now being synonymous with malware.
Adobe Flash has become obsolete in today’s cybersecurity realm, with its recent history of vulnerabilities and security patches, it is nonetheless evident as to why Adobe has decided to phase it out by 2020. However, until it has been fully phased out, Flash remains a soft spot for hackers to experiment with new malware and exploit it.
With that in mind, vigilance is key to preventing any hackers from exploiting you. The recently discovered Trojan-Banker.AndroidOS.Svpeng.ae or known by its other name, the “Invisible Man”, the malware is designed to trick you, the user into giving the hackers remote access to your Android smartphone and essentially your bank account. It is disguised as a fake Flash player download. If opened, it redirects the victim to a site where an .apk file will be downloaded automatically.
The malware was discovered by researchers at the Kaspersky Lab. Malware analyst Roman Unucheck states, “Its malicious techniques work even on fully updated devices with the latest Android version and all security updates installed.”
“By accessing only one system feature, this Trojan can gain all necessary additional rights and steal lots of data,” Unucheck cautioned.
Invisible Man: What You Need to Know
The Invisible Man malware, which implements a keylogging – when hackers trick you into giving them your private information, like usernames and passwords, by spying on the words being typed into the system or your smartphone in this case – affecting Android users, hackers use a fake app over a real app, such as your banking app. Hence, the fake app will ask you to input information. Your real banking app on the other hand is underneath the fake app, effectively tricking the user into giving them their username and password.
Once the downloaded .apk file is installed, the mobile device opens itself to exploitation. Researchers report that the malware file gives itself administrative rights and from thereon it becomes the default SMS app. In addition, it also can send or receive calls and SMS.
The above-mentioned malware has so far spread to the United Kingdom, Turkey, Australia, Singapore. Germany and Poland.
It is initiated with the hackers checking your language settings. The malware will proceed so long as your smartphone is not set to Russian. If, however, it is set to Russian, and once the malware detects this, it will turn off and delete itself. This is presumably thought to be due to Russian hackers being wary of not infecting fellow Russians with their own malware.
From there on, it asks for permission to access the user’s accessibility settings. Such settings are designed to aid and make it easier for people who have difficulties with hearing, vision or dexterity. The accessibility settings can be found under Apps >> Settings >> Accessibility.
The accessibility settings are easy to exploit for the malware to remotely install itself as the user’s smartphone’s default messaging software. This results in it disguising itself as a legitimate app that, as a matter of fact and reality, is accessing your bank account information. In that way, the access to your funds if successfully finalized.
What should you do?
By executing the following easy steps, you could help delete the malware from your smartphone:
- Uninstall Adobe Flash from your smartphone.
- Make sure you are running a strong and reputable anti-malware software on your Android smartphone.