Czech Android Trojan Impersonates QRecorder App

A new Czech Android Trojan has been detected that impersonates the QRecorder app. A statement by the police shows that the hacker or group behind it has already stolen more than 78,000 Euro from victim accounts.

Fake QRecorder App Turns Out to Be a Czech Android Trojan

This week the Czech Police reported that a new dangerous Android Trojan has been found to be particularly active. Five victims from the Czech Republic are known so far to have been affected by it. The current samples are spread on various repositories as a fake copy of the QRecorder app. Successful installations from the Google Play repository alone number more than 10,000 instances. The impersonating app presents itself as a call recording solution; its description and attached screenshots look like a typical store entry with no suspicious elements.

Like other popular Android threats, upon installation and first run it requests permission to draw over other apps. Once that permission has been granted, the Czech Android Trojan is able to control what is displayed to the user. This triggers its built-in behaviour patterns; one of the first actions is to report the infection to the criminal controllers. The analysis reveals that within 24 hours the infected devices receive instructions. When no instructions are given, the Android Trojan does not initiate any action.

Related Story: Botnet Activity in 2018 Shows Increase in RAT Distribution

The attackers have been found to use Firebase messages to communicate with the Trojan-infected devices. The slave malware QRecorder app checks for the presence of predefined banking apps. If none are found, links to encrypted payloads follow. The slave client downloads them and decrypts the contents. Before this step is initiated, the user is asked for an additional permission: to activate the Accessibility service. Through it the infection is carried out.

When the payload code is executed it monitors for the download and launch of certain banking applications. A scam overlay is then created which automatically harvests any credentials entered by the victim users.

The text strings that have been found in the Trojan’s source code reveal that the main targets appear to be Polish, Czech and German banks. So far two packages have been found to contain the Android Trojan:

  • com.apps.callvoicerecorder
  • gjfid.pziovmiq.eefff
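The two package names above, together with the permission pattern described earlier (an app that draws over other apps and is also enabled as an accessibility service), give a defender two concrete things to check on a device. The following triage helper is an added example, not code from the article or the police statement; the `adb shell` output it parses is constructed sample data, and the `com.example.*` package names are hypothetical.

```python
"""Triage helper: flag installed Android packages that match the QRecorder Trojan
package names or its permission pattern (overlay + enabled accessibility service).
All device output below is constructed sample data; on a real device it would come
from `adb shell pm list packages`, `adb shell settings get secure
enabled_accessibility_services` and `adb shell appops get <pkg> SYSTEM_ALERT_WINDOW`."""
import re

# Package names reported for the Trojan (taken from the article).
KNOWN_BAD = {"com.apps.callvoicerecorder", "gjfid.pziovmiq.eefff"}

# Constructed sample of `pm list packages` output.
PM_LIST = """package:com.android.chrome
package:com.apps.callvoicerecorder
package:com.example.notes
package:com.example.fakerecorder
"""

# Constructed sample of the enabled_accessibility_services secure setting.
ENABLED_A11Y = ("com.example.fakerecorder/com.example.fakerecorder.AccService:"
                "com.android.talkback/.TalkBackService")

# Constructed sample of `appops get <pkg> SYSTEM_ALERT_WINDOW`, one line per package.
APPOPS = {
    "com.android.chrome": "No operations.",
    "com.apps.callvoicerecorder": "SYSTEM_ALERT_WINDOW: allow; time=+1d2h3m4s ago",
    "com.example.notes": "No operations.",
    "com.example.fakerecorder": "SYSTEM_ALERT_WINDOW: allow; time=+5m0s ago",
}

def parse_packages(pm_output):
    """Extract package names from `pm list packages` lines ("package:<name>")."""
    return {line[len("package:"):].strip()
            for line in pm_output.splitlines() if line.startswith("package:")}

def accessibility_packages(setting):
    """Entries are "pkg/ServiceClass" separated by ':'; keep only the package part."""
    return {entry.split("/", 1)[0] for entry in setting.split(":") if entry.strip()}

def has_overlay(appops_line):
    """True when appops reports SYSTEM_ALERT_WINDOW as allowed."""
    return re.search(r"SYSTEM_ALERT_WINDOW:\s*allow", appops_line) is not None

def triage(pm_output, a11y_setting, appops_by_pkg):
    """Return {package: reason} for packages that deserve a closer look."""
    findings = {}
    a11y = accessibility_packages(a11y_setting)
    for pkg in sorted(parse_packages(pm_output)):
        if pkg in KNOWN_BAD:
            findings[pkg] = "known QRecorder Trojan package name"
        elif pkg in a11y and has_overlay(appops_by_pkg.get(pkg, "")):
            findings[pkg] = "overlay permission plus enabled accessibility service"
    return findings

if __name__ == "__main__":
    for pkg, reason in triage(PM_LIST, ENABLED_A11Y, APPOPS).items():
        print(f"{pkg}: {reason}")
```

The second heuristic is deliberately broad: legitimate accessibility tools can also hold overlay permission, so its hits are a review list, not a verdict.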

The official statement can be accessed here.


Martin Beltov

Martin graduated in Publishing from the University of Sofia. As a cybersecurity enthusiast he enjoys writing about the latest threats and intrusion mechanisms.
