Kaspersky Lab announced today that a trojan is out in the wild and is trying to force its way past Android 6.0 Marshmallow security. The malware in question is an updated version of the Gugi banking trojan that has been in the open for a while now, but apparently, attacks have gone up ten-fold between April and early August this year.
Security on Android Marshmallow is way higher than on any previous version of Android. The malware that Kaspersky is warning about tries to force its way past new Android 6.0 Marshmallow features designed to block phishing and ransomware attacks.
Apparently, the malware tricks the user into giving it permission to lay a fake overlay on apps. Along with this, SMS and call rights are also stolen. Using these permissions, the malware lays an overlay on genuine apps and sends user credentials to cybercriminals.
This could be used to steal stuff like banking credentials, credit card details and a lot more by overlaying on e-commerce apps or even just Google Play.
Until Android 6.0, these attacks were very easy to carry out. The malware makes its way onto a user’s device via an innocuous-looking SMS that asks the user to download an image. If the user clicks on the malicious link, the malware is downloaded and asks for additional permissions.
The user has no choice but to provide these rights. After that, a screen asking the user to authorise app overlay is shown. Device administrator rights are then stolen. After this, the software asks for call and SMS permissions, too. According to Kaspersky, if the user stops the process at any point, the device is completely blocked. The user will then have to reboot their device in safe mode and try to remove the trojan.
Apparently, the trojan is primarily targeting Russian Android users, but a global threat is imminent if the technique works well.
Roman Unuchek, senior malware analyst at Kaspersky Lab, said:
“OS systems such as Android are continuously updating their security features to make life harder for cybercriminals and safer for customers; cybercriminals are relentless in their attempts to find ways around this; and the security industry is equally busy making sure they don’t succeed.”
So how to avoid being hacked?
According to the cybersecurity company, users should check what kind of permissions they are granting to apps and whether those permissions are necessary. A warning against clicking on potentially malicious links has also been issued.
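One way to act on the permissions advice, as an added example that is not from Kaspersky or the original article: the script below scans a decoded AndroidManifest.xml for the combination described above (overlay, SMS, call and device administrator requests appearing together). The permission names chosen to represent each group and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping of the article's wording to Android permission names.
GROUPS = {
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "sms": {P + "SEND_SMS", P + "READ_SMS", P + "RECEIVE_SMS"},
    "calls": {P + "CALL_PHONE", P + "READ_PHONE_STATE"},
}

def audit_manifest(xml_text):
    """Report which of the permission groups a decoded manifest asks for."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {el.get(NS + "name") for el in root.iter(tag)}
    found = {name: sorted(requested & perms) for name, perms in GROUPS.items()}
    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN.
    found["device_admin"] = [
        r.get(NS + "name") for r in root.iter("receiver")
        if r.get(NS + "permission") == P + "BIND_DEVICE_ADMIN"
    ]
    return found

def needs_review(found):
    """True when overlay, SMS, call and device-admin requests all appear together."""
    return all(found[k] for k in ("overlay", "sms", "calls", "device_admin"))

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPECT = HEAD % "com.example.photoviewer" + """
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""
BENIGN = HEAD % "com.example.messenger" + """
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        found = audit_manifest(xml_text)
        print(name, "REVIEW" if needs_review(found) else "ok", found)
```

An app that requests only one of these groups, such as a messaging app using SMS, is not flagged; the check fires only on the full combination.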