Catelites Android Malware Poses as 2,200 Bank Apps

Haythem Elmir

Another day, another Android malware. This time, according to joint research conducted by security firms SfyLabs and Avast Threat Labs, there is a new Android malware strain that can pose as not a hundred or two but nearly 2,200 banks to steal passwords and carry out fraud. The malware, dubbed Catelites Bot, can pose as Santander and Barclays banks as well.

The malware has potential links to the infamous Russian gang who managed to infect over a million devices using the CronBot Trojan and make a whopping $900,000. This gang, however, was dismantled recently.

What Does Catelites Bot Do

The malware can get installed on an Android device in more than one way, such as via fake, malicious applications available at third-party app stores or via phishing websites. It may also get installed along with other malware. Catelites can intercept texts, lock the mobile phone, delete device data, access phone numbers, modify speaker volume, spy on message conversations and force password unlocks.

After the malware is downloaded, an icon titled System Application appears on the screen. When the user taps this icon, the software asks for admin rights. If the victim grants these permissions, the icon disappears and the real job of Catelites Bot starts. The screen now displays three trusted-looking app icons, Gmail, Google Play, and Chrome, and the malware then looks for credit card information.

When the victim opens any of these three new icons, a fake overlay appears asking for sensitive financial information. Because the icons belong to apps that users consider reliable, a majority of users will fall into this trap and enter the requested data. If the user does suspect foul play, the attackers have another trick in place: the overlay stays on top of the screen, so the user may try to get rid of it by providing the requested information.

Stealing Your Banking Data

The primary objective of the malware is to obtain bank account login details. Since the malware can pose as most of the top-tier banks and financial institutions, users are bound to be deceived. When a banking app is opened, the malware displays a fake overlay in place of the authentic banking app screen, and the user may not realize that he or she is entering bank login credentials and credit card information into something other than the real bank app. Once this is done, attackers can easily access the victim's bank account and credit card.

App asking for credit card data (Image credit: Avast)

 

In their blog post, security experts stated that CronBot and Catelites are quite similar to each other. According to Nikolaos Chrysaidos from Avast:

“While we don’t have any evidence that the Catelites Bot actor is linked to CronBot, it is likely that Catelites members have gotten their hands on the Cron malware and repurposed it for their own campaign.”

“The malware has the ability to automatically and interactively pull Android banking applications’ logos and names from Google Play Store. While the manipulative mobile banking screens don’t resemble the original banking apps, the power lies within the malware’s shotgun approach: Targeting millions of users of thousands of banks to increase the likelihood a few victims will fall for the trick,” added Chrysaidos.

You can stay protected by using an updated anti-virus for Android devices. If you don’t have one, boot the phone into safe mode to ensure that the malware is not installed. If you find any suspicious apps, delete them immediately. Also, remember never to grant admin rights to a program or app unless you are completely sure about the authenticity of the app.
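The check for suspicious apps and admin rights described above can be partly automated from a workstation with `adb`. The following is an added example, not part of the original article: it cross-references apps that were not installed by Google Play with apps holding device-admin rights. The package names and both sample outputs are constructed, and the `dumpsys device_policy` layout is an assumption that varies by Android version.

```python
import re

PLAY_STORE = "com.android.vending"

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps + installer).
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.sysapp  installer=null
package:com.example.game  installer=com.example.altstore
"""

# Constructed excerpt of `adb shell dumpsys device_policy`; real layout differs per version.
SAMPLE_POLICY = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.sysapp/.AdminReceiver:
    uid=10123
  com.example.mdm/.Receiver:
    uid=10150
"""

def parse_installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def parse_device_admins(policy_output):
    """Collect package names of components listed as enabled device admins."""
    return set(re.findall(r"^[ \t]+([\w.]+)/[\w.$]+:[ \t]*$", policy_output, re.M))

def audit(pm_output, policy_output):
    """Return (package, installer, is_admin) for third-party apps worth reviewing.
    Apps that are both off-store and device admins sort first."""
    admins = parse_device_admins(policy_output)
    findings = []
    for pkg, inst in parse_installers(pm_output).items():
        off_store = inst != PLAY_STORE
        if off_store or pkg in admins:
            findings.append((pkg, inst, pkg in admins))
    return sorted(findings, key=lambda f: (not (f[2] and f[1] != PLAY_STORE), f[0]))

if __name__ == "__main__":
    for pkg, inst, is_admin in audit(SAMPLE_PACKAGES, SAMPLE_POLICY):
        print(f"{pkg}: installer={inst}, device_admin={is_admin}")
```

An off-store app that also holds device-admin rights is the combination the article describes and deserves review first; a finding is a prompt to inspect the app, not proof of infection.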

To read the original article:

https://www.hackread.com/catelites-android-malware-poses-as-2200-bank-apps/
