Kaspersky Lab's experts have revealed a large-scale campaign to infect Android-powered devices with the banking Trojan Asacub. On the day of attack, up to 40,000 users are exposed, the most trusting and curious of whom become victims of malicious software.
The way of trojan distribution is old as the world. It all starts with the fact that a potential victim receives an SMS message with a call by name and one of the variants of the text that almost everyone probably saw:
– [Ваше имя]see the photo under the link: https://androidinsider.ru/polezno-znat/novyiy-android-troyan-ukradet-vashi-dengi-a-vyi-ob-etom-dazhe-ne-uznaete.html
– [Ваше имя]you received an MMS message from Vasya: (link)
– [Ваше имя]is it interesting to exchange for Avito? (link)
– [Ваше имя]and you are not ashamed after this ?! (link)
Where does the Trojan know your name
As a rule, the names of potential victims of malware are learned from address books of already infected devices. If the user has an active ad on Avito or, for example, admits that they can send a photo, then there is a possibility that he will follow the link and install the Trojan himself.
Asacub assigns itself to the new victim device as an application for processing SMS by default, receiving the ability to receive, read and send messages, and also make, receive and reject calls and manage other software. Such rights will allow him to transfer money by USSD-commands and block the opening of the banking application so that the user does not suspect anything.
How to protect yourself
Fortunately, it is not so difficult to protect yourself from the Trojan. Even if you clicked on the link from the SMS, you must manually initiate the download of the malicious component, and then approve the requested permissions. And since Android will send warning notifications at every stage (for example, when changing the application for processing SMS), you should try very hard to give Asacub the power to own your device.
Discuss this and other Android news in our Telegram chat.