""This new threat, while only seen in a limited number of rather targeted campaigns, already poses a great risk to the users of mobile banking, allowing its operators to remotely control infected devices and perform device takeover attacks with further fraudulent transactions performed from the victim's banking accounts," the Dutch mobile security company said in a report shared with The Hacker News."
"Like various Android banking malware families, Massiv supports a wide range of features to facilitate credential theft through a number of methods: screen streaming through Android's MediaProjection API, keylogging, SMS interception, and fake overlays served atop banking and financial apps. The overlay asks users to enter their credentials and credit card details. One such campaign has been found to target gov.pt, a Portuguese public administration app that allows users to store identification documents and manage the Digital Mobile Key (aka Chave Móvel Digital or CMD). The overlay tricks users into entering their phone number and PIN code, likely in an effort to bypass Know Your Customer (KYC) verification."
"ThreatFabric said it identified cases where scammers used the information captured through these overlays to open new banking accounts in the victim's name, allowing them to be used for money laundering or getting loans approved without the actual victim's knowledge. In addition, it serves as a fully functional remote-control tool, granting the operator the ability to access the victim's device stealthily while showing a black screen overlay to conceal the malicious activity."
Massiv is a new Android trojan engineered to facilitate device takeover (DTO) attacks for financial theft. The malware masquerades as IPTV apps to target users seeking online TV applications. It implements screen streaming via Android's MediaProjection API, keylogging, SMS interception, and fake overlays that prompt victims for credentials and credit card details. One campaign targeted the gov.pt app to trick users into submitting phone numbers and PINs to bypass KYC. Captured data has been used to open bank accounts in victims' names. Operators can remotely control infected devices and hide actions with a black-screen overlay.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]