
The Evolution of Asacub Trojan – from Spyware to Banking

Malware evolves quickly, and so do the goals of cyber criminals. One of the most fundamental duties of security researchers is therefore to observe malware pieces closely. Kaspersky Lab's research team has been carefully studying a particular piece of malware dubbed Asacub. Asacub started out as a simple spyware piece and currently appears to be a fully-equipped banking Trojan.

How Has Asacub Started Out?

As pointed out by Kaspersky’s Roman Unuchek, the first known version of the malware, Trojan-Banker.AndroidOS.Asacub, appeared in the beginning of June 2015. Back then, Asacub was more of a spyware Trojan than a banking one.


The early variant of Asacub stole incoming SMS messages from the victim’s phone and uploaded them to a malicious server. Furthermore, this early variant could also gather information (such as the user’s list of applications, browser history, and contact list), send SMS messages, or turn off the user’s screen.

Then, in July 2015, researchers registered new versions of Asacub to which new commands were added, such as:

get_sms: upload all SMSs to a malicious server;
del_sms: delete a specified SMS;
set_time: set a new time interval for contacting the C&C;
get_time: upload the time interval for contacting the C&C to the C&C server;
mute_vol: mute the phone;
start_alarm: enable phone mode in which the device processor continues to run when the screen goes blank;
stop_alarm: disable phone mode in which the device processor continues to run when the screen goes blank;
block_phone: turn off the phone’s screen;
rev_shell: remote command line that allows a cybercriminal to execute commands in the device’s command line;
intercept_start: enable interception of all incoming SMSs;
intercept_stop: disable interception of all incoming SMSs.

Asacub’s Evolution to Banking Malware

The malware didn’t stop there – in each following month, new commands and capabilities were added to its code, with its most notable evolution being registered in September. This is when Asacub was updated to display phishing screens for a number of banking applications. These more recent versions of Asacub seem to be more focused on stealing banking information than the earlier ones. In comparison, earlier versions used a bank logo in an icon, and later versions use phishing screens with bank logos.

Later, Asacub was crafted to forward phone calls, make USSD requests, and download and activate various apps from the Web.

Now, let’s jump to December 28, 2015, when Asacub attacks became aggressive and widespread. During this peak of attacks, researchers noticed new features added to Asacub’s set of capabilities:

GPS_track_current – get the device’s coordinates and send them to the attacker;
camera_shot – take a snapshot with the device’s camera;
network_protocol – in those modifications we know of, receiving this command doesn’t produce any results, but there could be plans to use it in the future to change the protocol used by the malware to interact with the C&C server.
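
From a defender's side, the command names in the two lists above can serve as a static triage signal. The following is an added example, not code from the original article or from Kaspersky's analysis. It assumes the names appear as plain ASCII strings in the data being scanned, which the article does not state; the capability labels, function names and sample bytes are constructed for illustration.

```python
import re

# Command names exactly as listed in the article, grouped by the period in
# which it says they were observed. Capability labels are this example's own.
JULY_2015 = {
    "get_sms": "sms-theft", "del_sms": "sms-tamper",
    "set_time": "c2-config", "get_time": "c2-config",
    "mute_vol": "device-control", "start_alarm": "device-control",
    "stop_alarm": "device-control", "block_phone": "device-control",
    "rev_shell": "remote-shell",
    "intercept_start": "sms-theft", "intercept_stop": "sms-theft",
}
DEC_2015 = {
    "GPS_track_current": "location", "camera_shot": "camera",
    "network_protocol": "c2-config",
}
ALL = {**JULY_2015, **DEC_2015}
TOKEN = re.compile(rb"[A-Za-z0-9_]{7,}")  # shortest listed name is 7 chars


def tokens(blob: bytes):
    """Yield identifier-like ASCII runs, similar to the `strings` utility."""
    return (m.group().decode("ascii") for m in TOKEN.finditer(blob))


def triage(blob: bytes, min_hits: int = 3) -> dict:
    """Match whole tokens only, so `set_time_zone` does not count as `set_time`."""
    hits = sorted({t for t in tokens(blob) if t in ALL})
    if len(hits) < min_hits:
        # Names such as get_time are generic; a lone hit proves nothing.
        verdict = "insufficient"
    elif any(h in DEC_2015 for h in hits):
        verdict = "december-2015-command-set"
    else:
        verdict = "july-2015-command-set"
    return {"hits": hits, "capabilities": sorted({ALL[h] for h in hits}),
            "verdict": verdict}


# Constructed sample blobs (not real samples): NUL-separated string tables.
SAMPLE_EARLY = b"\x00".join(
    [b"classes", b"get_sms", b"rev_shell", b"intercept_start", b"onCreate"])
SAMPLE_LATE = SAMPLE_EARLY + b"\x00camera_shot\x00GPS_track_current\x00"
SAMPLE_BENIGN = b"\x00get_time\x00set_time_zone\x00getSystemService\x00"

if __name__ == "__main__":
    for name in ("SAMPLE_EARLY", "SAMPLE_LATE", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

A match is only a lead for further analysis: obfuscated or encrypted strings would produce no hits, and the minimum-hit threshold exists because several of the names are common identifiers.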

Users should know that Asacub’s communication with its command and control server revealed that it regularly receives commands to work with the mobile banking service of a major Russian bank. Currently, US banks don’t appear to be targeted by the malware, but this could change quickly, as the agenda of the malware operators may quickly take another direction.

In conclusion:

Asacub is an all-in-one hacker asset. It could be used for phishing, malware distribution or even blackmailing. As it looks now, the adversaries are just testing out the available toolset, and there are reasons we should anticipate massive campaigns.

Reference: https://securelist.com/

Milena Dimitrova
