ANDROID WARNING: Smartphone owners put on alert about terrifying FRANKENSTEIN virus

ANDROID smartphone fans are being put on alert about a terrifying ‘Frankenstein’ virus that cybercriminals are looking to spread.

Android users are being warned about a new ‘Frankenstein’ virus that combines the worst features of different malware to form a dangerous threat.

Dubbed MysteryBot, the malware blends features of ransomware, keyloggers and banking trojans to create a virus that can attack on many fronts.

Security researchers from ThreatFabric discovered the malware, and said it appears to be related to the well-known LokiBot Android banking trojan.

Speaking to Bleeping Computer, a ThreatFabric spokesperson said: “Based on our analysis of the code of both Trojans, we believe that there is indeed a link between the creator(s) of LokiBot and MysteryBot.

“This is justified by the fact that MysteryBot is clearly based on the LokiBot bot code.”

MysteryBot is capable of taking control of infected devices, with the ability to read messages, gather contact information and steal sensitive e-mails.

While Android malware tends to attack older versions of the Google mobile OS, MysteryBot can target recent pieces of software like Android 7 and Oreo.

It uses an overlay screen to display fake login pages on top of legitimate apps for the Google mobile OS, so cybercriminals can steal sensitive user credentials.

MysteryBot also has a unique keylogger feature.

Other malware takes screenshots the moment a user presses a key on the touch-based keyboard to figure out what the user is typing.

MysteryBot instead records the location of a touch gesture.

It then tries to guess what the user has pressed based on the points where the user touched the screen and the positioning of the virtual keyboard.

MysteryBot also has a ransomware module, which means it can encrypt files and then store them in a password-protected ZIP archive.

Once encryption is complete a message pops up accusing the victim of having watched adult content.

It then demands that an e-mail address is entered so that a password can be sent out.

A victim will then presumably be asked for payment in exchange for the data to allegedly be handed back.

ThreatFabric researchers wrote: “The enhanced overlay attacks also running on the latest Android versions combined with advanced keylogging and the potential under-development features will allow MysteryBot to harvest a broad set of personal identifiable information in order to perform fraud.”

MysteryBot currently isn’t widespread and is still in development.

But Android users should be wary of any apps they download which ask for a lot of permissions.

ThreatFabric said the current versions of MysteryBot they have spotted have been designed as a Flash Player app for Android.

A ThreatFabric spokesperson said: “In general, the consumer must be aware that all of the so-called ‘Flash Player (update) apps’ that can be found in and outside the various app stores are malware.

“Many web sites still require visitors to have support for Flash (which has not been available on Android for many years) causing Android users to try and find an app that will let them use that web site.

“In the end they will just end up installing malware.”

The news comes after Express.co.uk recently reported on popular Android apps that were found to collect users’ sensitive data.

Android smartphone fans were put on alert about apps found on the Google Play Store that can collect sensitive data from millions of users.

The data collection shock was discovered by Andrey Meshkov, co-founder of Adguard, who described it as a “huge spyware campaign”.

According to Meshkov’s findings, the data collection campaign affects Android apps as well as extensions for the market-leading Google Chrome internet browser.

The security expert said once a victim is logged into their Facebook account the Chrome extensions scrape data immediately after the browser starts up.

In a blog post, Meshkov said all Facebook data is scraped and it even tries to go through a victim’s purchase history.

Other data that is targeted includes posts, sponsored posts, tweets, YouTube videos and adverts a victim has seen and interacted with.

This data is then collected and sent to a third-party firm called Unimania, which it is claimed then sells the data to other parties for revenue.

Adguard said a number of Android apps on the Google Play Store have been found to operate in the same way as the offending Chrome extensions.

In its research, the ad blocker pinpointed two Android apps with millions of installs.

One of these is an alternative Facebook client called Fast which has been downloaded more than 10 million times.

The other app is Fast Lite, run by the same developers, which the Google Play Store says has over one million installs.

Both apps mention Unimania in the privacy policy.

These apps, in the aftermath of Meshkov’s findings being published, have been removed from the Google Play Store.

Original article by DION DASSANAYAKE https://www.express.co.uk/life-style/science-technology/974906/Android-warning-malware-virus-alert-keylogger-banking-trojan-ransomware
