Home > Cyber News > SpyLocker Android Trojan After Customers of EU Banks

SpyLocker Android Trojan After Customers of EU Banks


If you’re an Android user, you should be extra careful since another dangerous malware, a banking Trojan, is currently targeting the operating system. McAfee researchers have called the threat SpyLocker.

SpyLocker displays phishing pop-up windows with credential prompts addressed at customers of European Union banks and users of several popular Android apps, such as Google accounts, eBay or Instagram.

A Look into SpyLocker Malicious Operation

This is not the first SpyLocker has performed attacks on Android devices. Its initial campaign relied on distribution via adult content pages and a compromised Flash Player app. The first victims of the malware piece were customers of banks in Turkey, New Zealand, and Australia.

The current malicious campaign is also distributed via a compromised Flash app or a fake Android system update. However, cyber criminals are now employing compromised WordPress and Joomla websites.

Researchers have made another interesting discovery – the malware is somehow similar to Police Locker, which was detected in 2014.

More about:
Cyber.Police Ransomware
Simple Locker Ransomware

According to the researchers, victims of the current SpyLocker campaign are located in France, Poland, and the UK, and are customers of banks in the same countries. Modules for Russian banks have also been discovered in the malware. However, they were not activated.

SpyLocker Malicious Activities

Once installed, SpyLocker will harvest whatever data it needs, and will send it to a command & control server. The malware can:

  • Obtain administrator privileges;
  • Intercept incoming SMS messages;
  • Access the victim’s call history;
  • Check the installed apps.

Overall, SpyLocker seems to be equipped with all the tools that a typical modern Android banker has. One way to prevent infections with malware of this type is by never granting admin rights to applications, especially if downloaded from unsecure websites.

More about Android App Permissions

In short, remember to:

  • Research your applications before installing them;
  • Carefully read the privacy policy, terms of service and list of permissions in Google Play Store;
  • Check if the permissions the app asks are covered by the app’s functionalities;

Android and Antivirus Protection

Android users, take notes. Of all mobile operating systems, Android seems to be in the biggest need of AV protection. Various researches and statistics point out that Android is indeed the most targeted mobile OS, with more than 95% of mobile malware preferring it over other OS, Trojans such as SpyLocker included.

It’s no secret that Android app stores are full of suspicious third party products that aren’t screened properly. So, it’s quite possible that the next time you download a random (malicious) application, you get yourself an Android-specific malware, like the one described in this article.

And don’t forget that Adobe ended the development of Android Flash in 2012. Any attempts prompting you to install Flash on your Android devices should alarm you instantly of malicious behavior.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *