Computer security researchers at Cleafy have just discovered a new banking malware called Revive. This trojan, which is spreading rapidly at the time of writing, can be relaunched at will by hackers if it is detected or shuts down unexpectedly, which makes it a very dangerous piece of malware.
Not a week goes by without new malware threatening the billions of Android device users around the world. Among the most recent threats are the BRATA malware, capable of spying on customer messages sent via their banking application, and SMS Factory, an Android trojan that can cause your phone bill to explode.
This time, we owe the discovery of the day to computer security researchers at Cleafy, who detected a new malware called “Revive”. For now, the first cases were reported in Spain around June 15, but everything indicates that the malware could spread quickly outside Spain’s borders, in particular via phishing campaigns.
Revive, the immortal malware
The malware does not get its name by chance: it is a direct reference to its main strength. If the malware becomes inoperative, whether due to the actions of the user or because of a bug, hackers are able to reactivate it remotely at their leisure and strengthen its hold on the infected device. This makes “Revive” a particularly resistant malware and all the more harmful.
As a banking trojan, “Revive” currently targets users of BBVA (Banco Bilbao Vizcaya Argentaria), a multinational banking group based in Madrid and Bilbao. The procedure is rather simple, since the hackers opted for a classic phishing campaign.
BBVA customers receive fake emails, SMS or WhatsApp messages supposedly coming from the bank. They are informed of the launch of a new application and are invited to download it via a link outside the Play Store or App Store.
Revive can capture keystrokes and intercept 2FA SMS
During installation, the program requires access to many features, such as being able to observe the touch controls performed on the screen, or even being able to access the microphone and the camera. In this way, the malware can scrutinize all the actions of the victim, including in all installed apps.
Note also that “Revive” is able to capture keystrokes and intercept the one-time code SMS messages used for two-factor authentication. “When the victim opens the malicious application for the 1st time, Revive asks the user to accept two permissions related to SMS and calls. After that, a clone of the targeted bank’s login page appears, and if the user enters their credentials, they are passed to the control server,” explain the researchers.
To protect yourself, the recommendation is simple: never agree to download an app, let alone a banking app, outside of a secure app store like the Play Store or the App Store. Updating banking apps will still happen through these stores.
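The combination described above (an app installed outside a store that also holds SMS and call permissions and can observe input) can be checked for on managed devices. The following is an added example, not code from Cleafy or the original article: it triages a constructed app inventory. The package names are hypothetical, and the specific Android permissions, the accessibility-service flag and the scoring are assumptions, since the article only says "SMS and calls".

```python
# Added example: triage an app inventory for the Revive-style combination.
# Permission names are real Android permissions; which ones Revive requests
# is an assumption (the article only says "SMS and calls").
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend per policy
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CALL_PERMS = {"android.permission.READ_PHONE_STATE",
              "android.permission.CALL_PHONE",
              "android.permission.READ_CALL_LOG"}

def triage(app):
    """Return (score, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    reasons = []
    sideloaded = app.get("installer") not in TRUSTED_INSTALLERS
    if sideloaded:
        reasons.append("installed outside a trusted store")
    if perms & SMS_PERMS:
        reasons.append("can read or receive SMS (2FA codes)")
    if perms & CALL_PERMS:
        reasons.append("holds call-related permissions")
    if app.get("accessibility_service"):  # assumed proxy for observing input
        reasons.append("registers an accessibility service")
    # Sideloading alone is weak signal; it doubles whatever else is present.
    capability = len(reasons) - (1 if sideloaded else 0)
    return capability * (2 if sideloaded else 1), reasons

def flag_suspicious(inventory, threshold=4):
    """Return (score, package, reasons) for apps at or above the threshold."""
    hits = [(s, a["package"], r) for a in inventory
            for s, r in [triage(a)] if s >= threshold]
    return sorted(hits, reverse=True)

# Constructed sample inventory (package names are hypothetical).
SAMPLE = [
    {"package": "com.example.bank.official", "installer": "com.android.vending",
     "permissions": ["android.permission.READ_PHONE_STATE"],
     "accessibility_service": False},
    {"package": "com.example.bank.newapp", "installer": None,
     "permissions": ["android.permission.RECEIVE_SMS",
                     "android.permission.READ_SMS",
                     "android.permission.CALL_PHONE"],
     "accessibility_service": True},
    {"package": "com.example.sms.client", "installer": "com.android.vending",
     "permissions": ["android.permission.RECEIVE_SMS"],
     "accessibility_service": False},
]

if __name__ == "__main__":
    for score, pkg, reasons in flag_suspicious(SAMPLE):
        print(score, pkg, "; ".join(reasons))
```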
Source: The Hacker News