A new Android Trojan that steals banking data is making the rounds online and is presently targeting Korean users, a security vendor reported this week.
MalwareBytes said the Trojan disguises itself as the Google Play Store app, then replace legitimate banking apps and capture user data.
"This particular one disguises itself as the Google Play Store app and will run as a service in the background to monitor events. This enables it to capture incoming SMS, monitor installed apps and communicate with a remote server," it said in a blog post.
It added this appears to be the latest variant of Android banking Trojans that previously targeted European and Brazilian banks.
MalwareBytes said malware authors appear to be expanding into other markets, "since Android is very popular worldwide."
An investigation showed the Trojan will contain the exact Package Name and look very similar to the legitimate app, "but contains malicious code with no banking functionality."
It will "capture the infected users banking information and other useful data that will generate revenue for them," it added.
MalwareBytes advised users to "stick to reputable markets for your apps and be wary of downloading apps from file shares, especially if one is available in the Play Store." — KDM, GMA News
source: gmanetwork.com
