AndroidOS_FakeBank.HRXOA
AndroidOS

Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Android malware presents itself as a Chinese banking app. After installation, it repeatedly requests notification access permission, which enables it to read notifications sent by the operating system or other applications. The notifications may contain sensitive data such as one-time authentication codes sent over SMS.
The malware displays a fake login page to steal the victim's banking account and password first, then monitors the notification content. If an SMS matches the regular expression pattern *[0-9]*, it uploads the SMS data to a remote server.
This Trojan attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites.
TECHNICAL DETAILS
Information Theft
This Trojan attempts to steal information from the following banks and/or other financial institutions:
- two-factor authentication (2FA) notifications
Mobile Malware Routine
This Trojan sends the gathered information via HTTP POST to the following URL(s):
- http://www.{BLOCKED}tiankong.club/api/index/sms
- http://{BLOCKED}o.com/api/index/sms
- http://{BLOCKED}b.com/api/index/sms
- http://{BLOCKED}tc.com/api/index/sms
- https://www.{BLOCKED}s.com/api/index/sms
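The following detection sketch is an added example and is not part of the original entry. It flags devices that send HTTP POST requests to the `/api/index/sms` path shared by the URLs above. The proxy log layout, the sample lines and the `.example` hostnames are constructed assumptions. For the HTTPS URL the path is only visible to a proxy that inspects TLS.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path shared by every upload URL listed in this entry.
EXFIL_PATH = "/api/index/sms"

# Assumed proxy log layout (constructed for this example):
#   <timestamp> <client_ip> <METHOD> <absolute URL> <status>
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

# Constructed sample lines; hosts use the reserved .example TLD.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.21 GET http://news.example/index.html 200
2024-01-01T10:00:05Z 10.0.0.21 POST http://bank-helper.example/api/index/sms 200
2024-01-01T10:00:09Z 10.0.0.34 POST http://shop.example/api/cart 200
2024-01-01T10:01:12Z 10.0.0.21 POST http://bank-helper.example/api/index/sms/ 200
2024-01-01T10:02:40Z 10.0.0.50 GET http://docs.example/api/index/sms 404
2024-01-01T10:03:00Z 10.0.0.34 CONNECT tls-only.example:443 200
malformed line
"""

def find_sms_uploads(log_text):
    """Return {client_ip: [(timestamp, host), ...]} for POSTs to EXFIL_PATH."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, method, url, _status = m.groups()
        if method != "POST":
            continue  # the entry describes HTTP POST uploads only
        parts = urlsplit(url)
        # Tolerate a trailing slash and mixed case in the path.
        if parts.path.rstrip("/").lower() == EXFIL_PATH:
            hits[client].append((ts, parts.hostname))
    return dict(hits)

if __name__ == "__main__":
    # Print each client with its hit count and the hosts it posted to.
    for client, events in find_sms_uploads(SAMPLE_LOG).items():
        print(client, len(events), sorted({h for _, h in events}))
```

A path-only match can also hit unrelated services that use the same route, so treat a hit as a lead to check against the device's installed apps and notification access grants.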
SOLUTION
Step 1
Scan your computer with your Trend Micro product to delete files detected as AndroidOS_FakeBank.HRXOA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
Step 2
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increases device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites: